Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infections - SillyFDC-AW plus others


  • This topic is locked This topic is locked
17 replies to this topic

#1 amt36

amt36

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 09 May 2011 - 12:20 PM

My computer became infected shortly after upgrading to Kaspersky Pure from Kaspersky Internet Security. Kaspersky was up to date, no problems detected. I also run a paid copy of Malwarebytes that was up to date and it didn't find anything. System is really slow and unresponsive. Many functions are blocked/disabled. From searching your site it seems that my USB drive might be infected?? Below is the output you requested. Thank you in advance for your help.



.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Aldona at 10:22:01.89 on Mon 05/09/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1502 [GMT -4:00]
.
AV: Kaspersky PURE *Enabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
F:\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
StartupFolder: c:\users\aldona\appdata\roaming\micros~1\windows\startm~1\programs\startup\cnette~1.lnk - c:\users\aldona\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
StartupFolder: c:\users\aldona\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\aldona\desktop\virus removal tool\setup_9.0.0.722_04.05.2011_03-40\startup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aldona\appdata\roaming\mozilla\firefox\profiles\arg5i94x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 31047822;31047822 Boot Guard Driver;c:\windows\system32\drivers\31047822.sys [2011-5-3 37392]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2011-4-25 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S1 31047821;31047821;c:\windows\system32\drivers\31047821.sys [2011-5-3 128016]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2011-4-25 39352]
S2 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-14 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-3 363344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-10 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-26 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-14 136176]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-3 20952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-14 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-05-07 19:06:15 162392 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-05-07 19:05:57 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-07 19:05:57 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-07 18:35:23 -------- d--h--w- C:\kleaner.tmp
2011-05-06 15:40:51 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f26ec64b-732b-4fd6-ab2f-4b19ac250fa1}\mpengine.dll
2011-05-04 14:40:12 -------- d-----w- c:\windows\system32\SPReview
2011-05-04 14:24:35 -------- d-----w- c:\windows\system32\EventProviders
2011-05-04 13:43:24 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-04 13:43:17 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-05-04 13:43:17 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-05-04 13:43:16 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-05-04 13:43:10 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-05-04 13:43:10 1171456 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-04 13:43:09 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-05-04 13:43:07 1159168 ----a-w- c:\windows\system32\sysmain.dll
2011-05-04 13:43:05 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2011-05-04 13:43:03 327168 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-05-04 13:43:02 428032 ----a-w- c:\windows\system32\secproc.dll
2011-05-04 13:41:59 81920 ----a-w- c:\windows\system32\userenv.dll
2011-05-04 13:40:59 66560 ----a-w- c:\windows\system32\hbaapi.dll
2011-05-04 13:39:59 68608 ----a-w- c:\windows\system32\WSTPager.ax
2011-05-04 13:38:59 94208 ----a-w- c:\windows\system32\eappgnui.dll
2011-05-04 13:35:22 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-04 13:35:22 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-05-04 13:35:22 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-04 13:35:22 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-04 13:34:28 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-04 13:33:48 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-04 13:33:48 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-05-04 13:28:35 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-05-04 13:28:33 257024 ----a-w- c:\windows\system32\dpx.dll
2011-05-04 11:48:05 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-04 11:48:04 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-04 01:25:46 37392 ----a-w- c:\windows\system32\drivers\31047822.sys
2011-05-04 01:25:46 128016 ----a-w- c:\windows\system32\drivers\31047821.sys
2011-05-03 15:10:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-03 15:10:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 15:10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-26 02:02:00 -------- d-----w- c:\users\aldona\appdata\roaming\Kaspersky Lab
2011-04-25 23:25:06 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-04-25 23:25:06 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-04-25 23:23:45 -------- d-----w- c:\program files\common files\InfoWatch
2011-04-25 23:23:43 -------- d-----w- c:\program files\Kaspersky Lab
2011-04-25 15:57:01 -------- d-----w- c:\program files\iPod
2011-04-25 15:57:00 -------- d-----w- c:\program files\iTunes
2011-04-25 15:50:27 -------- d-----w- c:\program files\Bonjour
2011-04-21 22:15:21 -------- d-----w- c:\program files\Microsoft Analysis Services
.
==================== Find3M ====================
.
2011-05-04 18:12:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 05:30:54 2616320 ----a-w- c:\windows\explorer.exe
2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 05:39:44 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-02-12 05:35:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
.
============= FINISH: 10:23:17.30 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/13/2010 9:39:20 PM
System Uptime: 5/8/2011 12:57:09 PM (22 hours ago)
.
Motherboard: Gateway | |
Processor: Intel® Core™2 CPU T5200 @ 1.60GHz | uFCPGA2 | 1596/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 68.201 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.739 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: kl1
Device ID: ROOT\LEGACY_KL1\0000
Manufacturer:
Name: kl1
PNP Device ID: ROOT\LEGACY_KL1\0000
Service: kl1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_0366107B&REV_00\4&315A142C&0&4AF0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_0366107B&REV_00\4&315A142C&0&4AF0
Service:
.
==== System Restore Points ===================
.
RP166: 5/4/2011 10:36:18 AM - Windows 7 Service Pack 1
RP167: 5/5/2011 3:00:18 AM - Windows Update
RP168: 5/7/2011 2:53:57 PM - Installed Kaspersky PURE.
RP169: 5/7/2011 3:02:36 PM - Installed Kaspersky PURE.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
5600
5600_Help
5600Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
BufferChm
CNET TechTracker
Copy
Coupon Printer for Windows
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DeviceDiscovery
DocProc
ExamView Player
ExamView Pro
Fax
Garmin Communicator Plugin
Garmin USB Drivers
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
Kaspersky PURE
LG USB Modem driver
Malwarebytes' Anti-Malware
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
QuickTime
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.4
Status
Toolbox
TrayApp
Uniblue RegistryBooster
Uniblue SystemTweaker
UnloadSupport
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/9/2011 2:36:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/9/2011 10:15:25 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
5/8/2011 12:59:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2011 12:59:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2011 12:58:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/8/2011 12:58:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/8/2011 12:58:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/8/2011 12:58:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/8/2011 12:57:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
5/8/2011 12:55:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2011 1:13:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
5/7/2011 5:53:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CSObjectsSrv with arguments "" in order to run the server: {D7B356D0-0DA4-11DB-8993-005056C00008}
5/7/2011 5:05:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
5/7/2011 3:48:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/7/2011 3:48:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2011 3:48:13 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2011 2:35:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/7/2011 1:10:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/4/2011 2:26:10 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/3682725100/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
5/4/2011 2:26:10 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2555231479/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
5/4/2011 2:26:10 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
5/3/2011 10:13:19 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.140. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
5/2/2011 8:29:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CSVirtualDiskDrv discache kl1 KLIF spldr Wanarpv6
5/2/2011 10:44:55 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.133. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
31047821 CSVirtualDiskDrv discache kl1 KLIF spldr Wanarpv6
31047821 CSVirtualDiskDrv discache kl1 KLIF setup_9.0.0.722_04.05.2011_03-40drv spldr Wanarpv6
31047821 AFD CSVirtualDiskDrv DfsC discache kl1 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
.
==== End Of File ===========================


Attached File  Attach.txt   13.73KB   0 downloadsAttached File  ark.txt   11.96KB   3 downloads

Please help! Multiple computers are now infected. Thanks in advance!!!!!

EDIT: Posts merged ~Budapest

Edited by Budapest, 10 May 2011 - 02:08 AM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:43 PM

Posted 20 May 2011 - 07:21 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 amt36

amt36
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 21 May 2011 - 02:09 PM

I'm here and waiting for your instructions.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:43 PM

Posted 21 May 2011 - 06:01 PM

I have to go down the obvious route here and ask if you have considered uninstalling Kaspersky and checking whether the symptoms are still there?
Posted Image
m0le is a proud member of UNITE

#5 amt36

amt36
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 21 May 2011 - 10:15 PM

I've uninstalled Kaspersky Pure and Malwarebytes more times than I can count. I used the uninstall tools for both, rebooted, basically followed all the steps. Since I posted I documented specific symptoms. At one point I thought it was removed then it reappeared and took over again. Here are the symptoms:

- Windows firewall disabled.
- Windows update is disabled.
- Runs really slowly and hangs. Opening Win task manager sometimes gets it moving again.
- Makes a weird error sound that is not part of the Windows 7 sounds
- Malwarebytes proactive defense is disabled (I have a purchased copy) "enable malware protection <start service> failed to run".
- Most aspects of Kaspersky Pure disabled.
- Tried to launch MS Safety Scanner and got "This version of MS safety scanner has expired and will no longer run on this computer".
- Kaspersky Virus Removal Tool stops immediately after launch.
- Tried to delete one of 2 user accounts and it would not let me.
- testtesttesttest in the search box.
- Many password protected files
- Kaspersky and Malwarebytes never find malware


Let me know what to do next.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:43 PM

Posted 22 May 2011 - 08:16 AM

Okay, I needed to check.

Please run TDSSKiller and aswMBR - we are now looking for a rootkit

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#7 amt36

amt36
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 22 May 2011 - 08:17 PM

I ran TDSSKiller as instructed and no malicious objects were found. The report follows.


2011/05/22 21:03:44.0578 6652 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 21:03:45.0414 6652 ================================================================================
2011/05/22 21:03:45.0414 6652 SystemInfo:
2011/05/22 21:03:45.0415 6652
2011/05/22 21:03:45.0415 6652 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/22 21:03:45.0415 6652 Product type: Workstation
2011/05/22 21:03:45.0415 6652 ComputerName: GATEWAYLAPTOP
2011/05/22 21:03:45.0416 6652 UserName: Aldona
2011/05/22 21:03:45.0416 6652 Windows directory: C:\Windows
2011/05/22 21:03:45.0416 6652 System windows directory: C:\Windows
2011/05/22 21:03:45.0416 6652 Processor architecture: Intel x86
2011/05/22 21:03:45.0416 6652 Number of processors: 2
2011/05/22 21:03:45.0416 6652 Page size: 0x1000
2011/05/22 21:03:45.0416 6652 Boot type: Normal boot
2011/05/22 21:03:45.0416 6652 ================================================================================
2011/05/22 21:03:49.0701 6652 Initialize success
2011/05/22 21:03:54.0906 6256 ================================================================================
2011/05/22 21:03:54.0906 6256 Scan started
2011/05/22 21:03:54.0906 6256 Mode: Manual;
2011/05/22 21:03:54.0906 6256 ================================================================================
2011/05/22 21:03:57.0984 6256 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/05/22 21:03:58.0802 6256 94041881 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\94041881.sys
2011/05/22 21:03:58.0947 6256 94041882 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\94041882.sys
2011/05/22 21:03:59.0361 6256 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/05/22 21:03:59.0701 6256 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/05/22 21:04:00.0065 6256 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/22 21:04:00.0325 6256 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/22 21:04:00.0454 6256 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/22 21:04:00.0700 6256 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/05/22 21:04:01.0011 6256 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/05/22 21:04:01.0246 6256 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/22 21:04:01.0378 6256 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/05/22 21:04:01.0440 6256 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/05/22 21:04:01.0629 6256 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/05/22 21:04:01.0733 6256 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/22 21:04:02.0032 6256 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/22 21:04:02.0130 6256 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/05/22 21:04:02.0309 6256 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/22 21:04:02.0511 6256 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/05/22 21:04:02.0648 6256 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/05/22 21:04:02.0811 6256 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/22 21:04:02.0920 6256 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/22 21:04:03.0106 6256 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/22 21:04:03.0215 6256 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/05/22 21:04:03.0366 6256 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/22 21:04:03.0680 6256 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/22 21:04:03.0980 6256 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/22 21:04:04.0090 6256 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/22 21:04:04.0349 6256 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/22 21:04:04.0493 6256 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/22 21:04:04.0849 6256 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/22 21:04:05.0280 6256 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/22 21:04:05.0947 6256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/22 21:04:06.0094 6256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/22 21:04:06.0388 6256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/22 21:04:06.0544 6256 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/22 21:04:06.0696 6256 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/22 21:04:06.0965 6256 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/05/22 21:04:07.0152 6256 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/22 21:04:07.0321 6256 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/22 21:04:07.0649 6256 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/22 21:04:07.0795 6256 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/05/22 21:04:07.0934 6256 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/22 21:04:08.0281 6256 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/22 21:04:08.0441 6256 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/22 21:04:08.0532 6256 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/22 21:04:08.0727 6256 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\Windows\system32\DRIVERS\CSCrySec.sys
2011/05/22 21:04:08.0919 6256 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
2011/05/22 21:04:09.0017 6256 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/05/22 21:04:09.0106 6256 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/22 21:04:09.0164 6256 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/22 21:04:09.0251 6256 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/22 21:04:09.0308 6256 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
2011/05/22 21:04:09.0412 6256 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/22 21:04:09.0481 6256 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/22 21:04:09.0559 6256 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/22 21:04:09.0749 6256 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/22 21:04:09.0975 6256 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/22 21:04:10.0096 6256 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/05/22 21:04:10.0209 6256 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/22 21:04:10.0286 6256 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/22 21:04:10.0392 6256 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/22 21:04:10.0550 6256 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/22 21:04:10.0618 6256 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/22 21:04:10.0782 6256 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/22 21:04:10.0900 6256 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/22 21:04:11.0029 6256 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/22 21:04:11.0154 6256 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/22 21:04:11.0234 6256 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/22 21:04:11.0359 6256 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/22 21:04:11.0423 6256 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/22 21:04:11.0544 6256 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/22 21:04:11.0652 6256 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/22 21:04:11.0781 6256 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/05/22 21:04:11.0854 6256 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/22 21:04:11.0925 6256 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/22 21:04:11.0969 6256 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/22 21:04:12.0123 6256 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/22 21:04:12.0216 6256 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/05/22 21:04:12.0362 6256 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/22 21:04:12.0477 6256 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/05/22 21:04:12.0582 6256 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/22 21:04:12.0640 6256 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/05/22 21:04:12.0761 6256 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/05/22 21:04:13.0029 6256 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/22 21:04:13.0379 6256 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/22 21:04:13.0498 6256 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/05/22 21:04:13.0583 6256 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/22 21:04:13.0691 6256 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/22 21:04:13.0866 6256 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/22 21:04:14.0229 6256 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/22 21:04:14.0420 6256 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/22 21:04:14.0521 6256 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/05/22 21:04:14.0620 6256 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/05/22 21:04:14.0700 6256 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/05/22 21:04:14.0820 6256 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/05/22 21:04:14.0905 6256 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
2011/05/22 21:04:14.0969 6256 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\DRIVERS\klbg.sys
2011/05/22 21:04:15.0060 6256 KLIF (723f185c945c0a6d2e21c2bb26a46fe7) C:\Windows\system32\DRIVERS\klif.sys
2011/05/22 21:04:15.0153 6256 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
2011/05/22 21:04:15.0299 6256 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/05/22 21:04:15.0396 6256 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/22 21:04:15.0479 6256 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/22 21:04:15.0732 6256 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/22 21:04:15.0852 6256 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/22 21:04:15.0947 6256 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/22 21:04:16.0136 6256 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/22 21:04:16.0279 6256 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/22 21:04:16.0537 6256 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/22 21:04:16.0712 6256 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys
2011/05/22 21:04:16.0827 6256 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/22 21:04:16.0940 6256 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/22 21:04:17.0133 6256 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/22 21:04:17.0222 6256 MODEMCSA (25483f9d590d5f00bd951e1181453ec2) C:\Windows\system32\drivers\MODEMCSA.sys
2011/05/22 21:04:17.0377 6256 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/22 21:04:17.0508 6256 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/05/22 21:04:17.0849 6256 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/22 21:04:18.0008 6256 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/22 21:04:18.0137 6256 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/05/22 21:04:18.0233 6256 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/22 21:04:18.0358 6256 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/05/22 21:04:18.0526 6256 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/22 21:04:18.0848 6256 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/22 21:04:18.0917 6256 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/22 21:04:18.0985 6256 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/05/22 21:04:19.0075 6256 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/05/22 21:04:19.0214 6256 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/22 21:04:19.0355 6256 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/22 21:04:19.0571 6256 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/05/22 21:04:19.0678 6256 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/22 21:04:20.0066 6256 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/22 21:04:20.0202 6256 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/22 21:04:20.0309 6256 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/22 21:04:20.0415 6256 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/05/22 21:04:20.0577 6256 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/22 21:04:20.0735 6256 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/22 21:04:20.0829 6256 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/22 21:04:21.0042 6256 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/22 21:04:21.0165 6256 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/05/22 21:04:21.0391 6256 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/22 21:04:21.0592 6256 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/22 21:04:21.0799 6256 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/22 21:04:21.0934 6256 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/22 21:04:22.0042 6256 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/05/22 21:04:22.0152 6256 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/22 21:04:22.0435 6256 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/22 21:04:22.0806 6256 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/05/22 21:04:23.0071 6256 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/22 21:04:23.0171 6256 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/22 21:04:23.0444 6256 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/22 21:04:23.0720 6256 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/05/22 21:04:24.0226 6256 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/22 21:04:24.0395 6256 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/05/22 21:04:24.0538 6256 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/05/22 21:04:24.0787 6256 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/05/22 21:04:24.0963 6256 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/05/22 21:04:25.0371 6256 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/22 21:04:25.0460 6256 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/05/22 21:04:25.0551 6256 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/22 21:04:25.0656 6256 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/05/22 21:04:25.0769 6256 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/05/22 21:04:25.0869 6256 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/22 21:04:25.0986 6256 PCTCore (2d5c059c1a12babf336f319f45c161d3) C:\Windows\system32\drivers\PCTCore.sys
2011/05/22 21:04:26.0048 6256 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/05/22 21:04:26.0139 6256 PCTSD (83ddd552f7f1043f764e8cc88ff41232) C:\Windows\system32\Drivers\PCTSD.sys
2011/05/22 21:04:26.0212 6256 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/22 21:04:26.0281 6256 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/22 21:04:26.0516 6256 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/22 21:04:26.0567 6256 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/22 21:04:26.0699 6256 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/22 21:04:26.0792 6256 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/22 21:04:26.0953 6256 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/22 21:04:27.0061 6256 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/22 21:04:27.0125 6256 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/22 21:04:27.0206 6256 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/22 21:04:27.0307 6256 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/22 21:04:27.0429 6256 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/22 21:04:27.0562 6256 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/22 21:04:27.0662 6256 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/22 21:04:27.0738 6256 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/22 21:04:27.0887 6256 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/22 21:04:27.0961 6256 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/22 21:04:28.0012 6256 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/22 21:04:28.0115 6256 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/05/22 21:04:28.0177 6256 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/05/22 21:04:28.0380 6256 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/22 21:04:28.0520 6256 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/22 21:04:28.0594 6256 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/22 21:04:28.0766 6256 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/05/22 21:04:28.0883 6256 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/22 21:04:29.0078 6256 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/22 21:04:29.0169 6256 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/22 21:04:29.0250 6256 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/22 21:04:29.0322 6256 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/22 21:04:29.0493 6256 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/05/22 21:04:29.0593 6256 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/22 21:04:29.0722 6256 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/22 21:04:29.0831 6256 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/22 21:04:30.0093 6256 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/05/22 21:04:30.0153 6256 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/22 21:04:30.0243 6256 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/22 21:04:30.0301 6256 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/22 21:04:30.0587 6256 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
2011/05/22 21:04:30.0894 6256 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/22 21:04:31.0017 6256 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/05/22 21:04:31.0098 6256 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/22 21:04:31.0201 6256 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/22 21:04:31.0286 6256 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/22 21:04:31.0424 6256 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/05/22 21:04:31.0602 6256 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/05/22 21:04:31.0740 6256 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/22 21:04:31.0865 6256 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/22 21:04:31.0943 6256 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/05/22 21:04:31.0982 6256 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/05/22 21:04:32.0047 6256 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/22 21:04:32.0118 6256 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/05/22 21:04:32.0289 6256 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/22 21:04:32.0391 6256 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/22 21:04:32.0483 6256 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/22 21:04:32.0573 6256 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/22 21:04:32.0669 6256 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/22 21:04:32.0778 6256 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/22 21:04:32.0823 6256 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/05/22 21:04:32.0893 6256 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/22 21:04:32.0987 6256 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/22 21:04:33.0087 6256 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
2011/05/22 21:04:33.0185 6256 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/05/22 21:04:33.0336 6256 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/22 21:04:33.0423 6256 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/05/22 21:04:33.0640 6256 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/22 21:04:33.0735 6256 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/22 21:04:33.0781 6256 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/22 21:04:33.0877 6256 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/22 21:04:34.0006 6256 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/22 21:04:34.0099 6256 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/22 21:04:34.0176 6256 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/22 21:04:34.0249 6256 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/22 21:04:34.0340 6256 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/05/22 21:04:34.0439 6256 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/05/22 21:04:34.0539 6256 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/22 21:04:34.0629 6256 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/05/22 21:04:34.0711 6256 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/05/22 21:04:34.0779 6256 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/22 21:04:34.0937 6256 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/05/22 21:04:35.0024 6256 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/22 21:04:35.0215 6256 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/05/22 21:04:35.0351 6256 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/22 21:04:35.0465 6256 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/22 21:04:35.0494 6256 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/22 21:04:35.0617 6256 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/22 21:04:35.0755 6256 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/22 21:04:35.0983 6256 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/22 21:04:36.0065 6256 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/22 21:04:36.0211 6256 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/22 21:04:36.0276 6256 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/22 21:04:36.0413 6256 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/22 21:04:36.0529 6256 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/05/22 21:04:36.0600 6256 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/22 21:04:36.0830 6256 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/05/22 21:04:36.0950 6256 ================================================================================
2011/05/22 21:04:36.0951 6256 Scan finished
2011/05/22 21:04:36.0951 6256 ================================================================================



Here is the aswMBR report. I also attached it as a file because I wasn't sure which way you wanted to see it.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-22 21:12:06
-----------------------------
21:12:06.445 OS Version: Windows 6.1.7601 Service Pack 1
21:12:06.445 Number of processors: 2 586 0xF06
21:12:06.457 ComputerName: GATEWAYLAPTOP UserName: Aldona
21:12:08.818 Initialize success
21:12:19.848 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:12:19.852 Disk 0 Vendor: ST9160821AS 3.ALB Size: 152627MB BusType: 11
21:12:21.896 Disk 0 MBR read successfully
21:12:21.903 Disk 0 MBR scan
21:12:21.912 Disk 0 Windows 7 default MBR code
21:12:23.930 Disk 0 scanning sectors +312576705
21:12:23.968 Disk 0 scanning C:\Windows\system32\drivers
21:12:42.449 Service scanning
21:12:44.652 Disk 0 trace - called modules:
21:12:44.693 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:12:44.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a45030]
21:12:44.705 3 CLASSPNP.SYS[8928659e] -> nt!IofCallDriver -> [0x85a45d00]
21:12:44.712 5 PCTCore.sys[88c4f68b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85596908]
21:12:44.719 Scan finished successfully
21:13:50.406 Disk 0 MBR has been saved successfully to "C:\Users\Aldona\Desktop\MBR.dat"
21:13:50.423 The log file has been saved successfully to "C:\Users\Aldona\Desktop\aswMBR.txt"

Attached Files



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:43 PM

Posted 23 May 2011 - 06:07 PM

Okay, nothing major is coming up there. Let's run a couple of removal tools and see what they can find

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Posted Image
m0le is a proud member of UNITE

#9 amt36

amt36
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 24 May 2011 - 10:35 PM

The system is running better. Nothing was identified by the scans you asked me to run. Malwarebytes has protection enabled. Windows update works. Kaspersky Pure works. It's still a little slow and sometimes hangs. I run registrybooster every day and it has found and fixed many errors. Since you think it is/was a rootkit do you think registrybooster fixed it? Nothing you suggested that I run reported finding anything. Let me know what you think I should do. Maybe run the system for a week and see if it remains stable? Thanks so much for your help.


I followed all of the instructions for Malwarebytes and it didn't find anything. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6658

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/24/2011 2:47:59 AM
mbam-log-2011-05-24 (02-47-59).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 446655
Time elapsed: 4 hour(s), 56 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I ran Superantispyware and it didn't find anything. The log is included below.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/24/2011 at 05:09 PM

Application Version : 4.53.1000

Core Rules Database Version : 7131
Trace Rules Database Version: 4943

Scan type : Complete Scan
Total Scan Time : 02:46:11

Memory items scanned : 737
Memory threats detected : 0
Registry items scanned : 9607
Registry threats detected : 0
File items scanned : 79751
File threats detected : 0

#10 amt36

amt36
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 24 May 2011 - 10:39 PM

Here is the last registrybooster log.


Scan Results
Scan date:

2011-05-24 21:20:26.184000

Total problems found:

13


System related errors

Errors affecting all users on this computer.


Scan subsection:

Application paths

Entries found:

0

Entries:


Scan subsection:

System software settings

Entries found:

0

Entries:


Scan subsection:

ActiveX, OLE, COM sections

Entries found:

0

Entries:


Scan subsection:

Invalid file associations

Entries found:

11

Entries:



Entry: HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.cGridCell\Clsid


Value name:


Value: {9BD3A001-42A2-491E-AACA-9512F6CF4CDB}


Reason: The key HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.cGridCell\Clsid points to a missing CLSID {9BD3A001-42A2-491E-AACA-9512F6CF4CDB}


Entry: HKEY_CLASSES_ROOT\SUPERAntiSpywareContextMenuExt.SASCon.1\CLSID


Value name:


Value: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}


Reason: The key HKEY_CLASSES_ROOT\SUPERAntiSpywareContextMenuExt.SASCon.1\CLSID points to a missing CLSID {CA8ACAFA-5FBB-467B-B348-90DD488DE003}


Entry: HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid


Value name:


Value: {71A27034-C7D8-11D2-BEF8-525400DFB47A}


Reason: The key HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid points to a missing CLSID {71A27034-C7D8-11D2-BEF8-525400DFB47A}


Entry: HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid


Value name:


Value: {71A27032-C7D8-11D2-BEF8-525400DFB47A}


Reason: The key HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid points to a missing CLSID {71A27032-C7D8-11D2-BEF8-525400DFB47A}


Entry: HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid


Value name:


Value: {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}


Reason: The key HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid points to a missing CLSID {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}


Entry: HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid


Value name:


Value: {71A2702F-C7D8-11D2-BEF8-525400DFB47A}


Reason: The key HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid points to a missing CLSID {71A2702F-C7D8-11D2-BEF8-525400DFB47A}


Entry: HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.cGridSortObject\Clsid


Value name:


Value: {D2129738-6A78-4BCB-915A-412982CAA23D}


Reason: The key HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.cGridSortObject\Clsid points to a missing CLSID {D2129738-6A78-4BCB-915A-412982CAA23D}


Entry: HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID


Value name:


Value: {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


Reason: The key HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID points to a missing CLSID {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


Entry: HKEY_CLASSES_ROOT\SUPERAntiSpywareContextMenuExt.SASConte\CLSID


Value name:


Value: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}


Reason: The key HKEY_CLASSES_ROOT\SUPERAntiSpywareContextMenuExt.SASConte\CLSID points to a missing CLSID {CA8ACAFA-5FBB-467B-B348-90DD488DE003}


Entry: HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID


Value name:


Value: {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


Reason: The key HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID points to a missing CLSID {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


Entry: HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.IGridCellOwnerDraw\Clsid


Value name:


Value: {DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}


Reason: The key HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.IGridCellOwnerDraw\Clsid points to a missing CLSID {DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}

Scan subsection:

System drivers

Entries found:

0

Entries:


Scan subsection:

Startup section

Entries found:

0

Entries:


Scan subsection:

Shared DLLs

Entries found:

0

Entries:


Scan subsection:

Fonts section

Entries found:

0

Entries:


Scan subsection:

Help section

Entries found:

0

Entries:


Scan subsection:

Shared folders

Entries found:

0

Entries:



User related errors

Errors specific to your Windows account.


Scan subsection:

Invalid shortcuts

Entries found:

0

Entries:


Scan subsection:

User software settings

Entries found:

2

Entries:



Entry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder


Value name: 13


Value: C:\Users\Aldona\Desktop\Virus Removal Tool\setup_9.0.0.722_16.05.2011_16-05\setup_9.0.0.722_16.05.2011_16-05.exe


Reason: The value PackagePath in HKEY_CURRENT_USER/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/ComDlg32/FirstFolder contains an invalid path C:/Users/Aldona/Desktop/Virus Removal Tool/setup_9.0.0.722_16.05.2011_16-05/setup_9.0.0.722_16.05.2011_16-05.exe


Entry: HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware


Value name: selectedrives


Value: C:\|D:\|


Reason: The value PackagePath in HKEY_CURRENT_USER/SOFTWARE/Malwarebytes' Anti-Malware contains an invalid path C:/|D:/|

Scan subsection:

File extensions

Entries found:

0

Entries:


Scan subsection:

Sound and app events

Entries found:

0

Entries:



Third party related errors

Errors affecting programs installed on your PC.


Scan subsection:

Uninstall section

Entries found:

0

Entries:






#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:43 PM

Posted 25 May 2011 - 05:02 PM

RegistryBooster will make no difference to your machine. Here's why...

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.Please run the machine through ESET to complete the clean

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
Posted Image
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:43 PM

Posted 29 May 2011 - 07:56 PM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#13 amt36

amt36
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 30 May 2011 - 10:02 PM

I'm running the scan now. 43% and 8 infected files so far. They all are Win32/RegistryBooster Application. I'll send you an update in the am.

#14 amt36

amt36
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 31 May 2011 - 08:31 AM

8 files were found. The report is included below. What should I do with the quarantined files? Should I uninstall Uniblue Registry Booster? I won't run it again.

C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Aldona\Downloads\registrybooster (1).exe Win32/RegistryBooster application deleted - quarantined
C:\Users\Aldona\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:43 PM

Posted 31 May 2011 - 05:54 PM

Uninstalling the program is your decision. I would strongly recommend you do.

Apart from that the ESET scan shows nothing so how's the machine running?
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users