Windows cannot open this file:



#1 Generic Eric

Posted 13 August 2011 - 06:37 PM

Background: Computer was acting ~wonky~ so I thought I would run Ad-Aware, then Spybot... Anyway, there was something about a registry problem, and now I am getting a weird prompt:

Windows cannot open this file:
File: *.exe (where * is the program that I tried to open. This happens on everything but internet explorer)

To open this file, Windows needs to know what program created it. Windows can go online to look it up automatically, or you can manually select from a list of programs on your computer.


I ran something called exefixer from a posting that attempted to fix a similar problem as mine. That worked until I rebooted, then, I am back to the same situation. I also ran combofix from a post that seemed similar to mine. It worked until I rebooted.

Can anyone run through this with me? Here is some more relevant info:

XP SP3. I am running Microsoft Security Essentials, which runs clean now. Ad-Aware fixed some stuff, but not this.


#2 Broni

Posted 13 August 2011 - 06:44 PM

Welcome aboard

It's not recommended to run Combofix on your own.

Download and run exeHelper.

  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Then....

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#3 Generic Eric

Posted 13 August 2011 - 06:49 PM

Thanks


exehelperlog.txt
exeHelper by Raktor
Build 20100414
Run at 18:47:47 on 08/13/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Security Check

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Security Scan Plus
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
WinPatrol 2007 (Outdated! Latest version is WinPatrol 2009)
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
nCleaner second 2.3.4.0
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 6
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 8.2.6
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
WinPatrol winpatrol.exe is disabled!
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


Mini toolbox

MiniToolBox by Farbar
Ran by Administrator (administrator) on 13-08-2011 at 21:49:09
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (08/13/2011 03:15:40 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/10/2011 08:49:57 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8107.0, P3 timeout, P4 1.1.7104.0, P5 fixed, P6 1 _ 2048, P7 10 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/10/2011 07:19:14 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8107.0, P3 timeout, P4 1.1.7104.0, P5 fixed, P6 1 _ 2048, P7 10 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/10/2011 06:57:54 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (08/10/2011 06:57:53 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (08/10/2011 06:57:50 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (08/10/2011 06:57:49 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (08/10/2011 06:57:49 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (08/10/2011 06:57:49 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.

Error: (08/10/2011 06:57:49 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.


System errors:
=============
Error: (08/13/2011 06:15:16 PM) (Source: Service Control Manager) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 340 (0x154).

Error: (08/13/2011 06:15:01 PM) (Source: Service Control Manager) (User: )
Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
%%1053

Error: (08/13/2011 06:15:01 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.

Error: (08/13/2011 03:48:40 PM) (Source: Service Control Manager) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 340 (0x154).

Error: (08/13/2011 03:48:20 PM) (Source: Service Control Manager) (User: )
Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
%%1053

Error: (08/13/2011 03:48:20 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.

Error: (08/13/2011 03:46:00 PM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_HWINTERFACE\0000 disappeared from the system without first being prepared for removal.

Error: (08/13/2011 03:29:23 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/13/2011 03:28:38 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).

Error: (08/13/2011 03:28:03 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (08/13/2011 03:15:40 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/10/2011 08:49:57 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8107.0timeout1.1.7104.0fixed1 _ 204810 _ not bootNILNILNIL

Error: (08/10/2011 07:19:14 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8107.0timeout1.1.7104.0fixed1 _ 204810 _ not bootNILNILNIL

Error: (08/10/2011 06:57:54 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2011 06:57:53 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2011 06:57:50 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2011 06:57:49 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2011 06:57:49 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2011 06:57:49 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)

Error: (08/10/2011 06:57:49 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Ad-Aware -- Error 1923. Service 'Lavasoft Ad-Aware Service' (Lavasoft Ad-Aware Service) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

7-Zip 4.65
Ad-Aware (Version: 9.0.7)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader 8.2.6 (Version: 8.2.6)
Adobe Shockwave Player (Version: 10.3.0.24)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.00.000)
Alien Swarm
AnalogX NetStat Live
AnyDVD
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Aquaria
ATI Control Panel (Version: 6.14.10.5115)
ATI Decoder (Version: 3.0.1)
ATI Display Driver (Version: 8.033-040710a-016685C-ATI)
ATI HYDRAVISION (Version: 3.25.9006)
ATI Multimedia Center (Version: 9.01)
ATI Multimedia Center 9.01 (Version: 9.01)
ATI Remote Wonder 2.3 (Version: 2.3.0.0)
ATIRW2 (Version: 2.3.0.0)
Audiosurf Demo
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
BLM 2.6.5 (Version: 2.6.5)
Braid (Version 1.015)
Braid Demo
Brother MFL-Pro Suite MFC-490CW (Version: 1.0.0.0)
CCleaner (Version: 2.30)
CDDRV_Installer (Version: 1.00.0000)
CDisplay 1.8
CloneDVD2
CPUID CPU-Z 1.56
CPWizard 2.35
Crayon Physics Deluxe Demo - release 52
DAO (Version: 3.5)
Data Lifeguard Tools
Defenstar version 1.1 (Version: 1.1)
Defraggler (Version: 1.18)
DiRT 2
Disk Space Fan 1.4.2.796
DogFighter
Droplitz
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
DWG TrueView 2011 (Version: 18.1.49.0)
Dyson v1.20
Easy Poster Printer (Version: 2.0.3)
EmuMovies Download Service Utility version 0.89 (Version: 0.89)
EverNote 2 Plus (Version: 2.0.0.261)
Exact Audio Copy 0.95b4 (Version: 0.95b4)
Fast Duplicate File Finder 1.1.0.0 (Version: 1.1.0.0)
FileZilla Client 3.4.0 (Version: 3.4.0)
FLAC Installer 1.1.3b (remove only) (Version: 1.1.3b)
Folding@home-x86 (Version: 6.23)
Foxit PDF Editor
Gaim (remove only)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.4.2)
GetBot
GIMP 2.6.8
Gish
Glary Undelete 1.3
Glary Utilities Pro 2.18.0.786 (Version: 2.18.0.786)
Google Earth (Version: 6.0.3.2197)
Google SketchUp Pro 7 (Version: 2.1.6860)
Google Toolbar for Firefox (Version: 3.1.20081127)
Google Update Helper (Version: 1.3.21.65)
GTK+ Runtime 2.6.9 rev a (remove only)
Gutterball 2
HandBrake 0.9.3 (Version: 0.9.3)
HiJackThis (Version: 1.0.0)
HijackThis 2.0.2 (Version: 2.0.2)
HP Memories Disc (Version: 1.0.4.805)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000)
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000)
ImgBurn (Remove Only)
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® Processor ID Utility (Version: 3.5.0000)
Intel® PROSet (Version: 6.04.0001)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 6 (Version: 1.6.0.60)
Jets N Guns GOLD
K-Lite Codec Pack 3.4.0 Full (Version: 3.40)
KeyWiz Uploader3
KhalSetup (Version: 3.30.165)
KODAK Share Button App (Version: 3.01.0000.0000)
Last.fm 1.5.4.27091
LibUSB-Win32-0.1.12.1 (Version: 0.1.12.1)
LightScribe System Software 1.10.13.1 (Version: 1.10.13.1)
Linksys Updater (Version: 1.1.8015.381)
Lugaru HD
Lumines
Lumines: Advanced Pack
Machinarium (Version: 23.10.09)
Malwarebytes' Anti-Malware
MaxBlast 4
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee SiteAdvisor (Version: 3.0.163)
MediaInfo 0.7.16 (Version: 0.7.16)
MediaMonkey 3.1 (Version: 3.1)
MEVO & the Grooveriders Demo
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8107.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Games for Windows - LIVE (Version: 3.4.54.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.4.18.0)
Microsoft Security Client (Version: 2.0.0657.0)
Microsoft Security Essentials (Version: 2.0.657.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Web Publishing Wizard 1.52
Moonbase Alpha
MozBackup 1.4.9
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
nCleaner second 2.3.4.0 (Version: 2.3.4.0)
Nero 7 Ultra Edition (Version: 7.02.2780)
NetBalancer
Netflix Movie Viewer (Version: 1.2.211)
NetInfo (Version: 6.1.306)
Network Stumbler 0.4.0 (remove only)
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
Notepad++ (Version: 5.8.7)
nullDC 1.0.0 Public Beta 1 Setup (Version: 1.0.0)
NVIDIA Drivers (Version: 1.10)
OpenAL
OpenOffice.org 3.0 (Version: 3.0.9358)
Opera 11.50 (Version: 11.50.1074)
OverDisk (remove only)
Panda ActiveScan 2.0 (Version: 01.04.01.0014)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Penumbra: Overture
PFConfig 1.0.187 (Version: 1.0.187)
PFPortChecker 1.0.39 (Version: 1.0.39)
Picasa 3 (Version: 3.8)
Ping Plotter Freeware (Version: 1.10 Freeware)
Podcast Station 2.1 (Version: 2.1.6.0)
Portal
PosteRazor (Version: 1.5.2)
PowerISO
PowerStrip 3 (remove only)
QuickTime (Version: 7.69.80.9)
RadarSync (Version: 2.0.1.3)
RAM Saver Pro (Version: )
Razor2: Hidden Skies
Realtek AC'97 Audio
Recuva (remove only)
RedLynx Trials 2: Second Edition
RefleX(Trial)
RegAlyzer (Version: 1.6.2.16)
RunAlyzer (Version: 0.6r2)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Scrivener for Windows Beta (Version: 020)
SD Formatter (Version: 2.9.5)
Secunia PSI
SigmaTel MTPMSCN Audio Player (Version: )
SiSoftware Sandra Engineer XI.SP1 (Win64/32/CE) (Version: 11.22.2007.3)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.155)
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy (Version: 1.6.0)
SpyHunter (Version: 3.9)
Steam (Version: 1.0.0.0)
Steel Storm - Burning Retribution (remove only)
Super Meat Boy
Super Turbo Turkey Puncher 3 Standalone
SUPERAntiSpyware Free Edition (Version: 4.33.0.1000)
The Polynomial - Demo
The Print Shop
TightVNC 1.3.9 (Version: 1.3.9)
Times Reader (Version: 2.054)
TrackMania Nations Forever
Tyrian 2000
Ulead GIF Animator 5 TBYB
VLC media player 1.0.1 (Version: 1.0.1)
WDTV MSG (Version: 1.0.0)
Winamp (remove only)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 8.1.0178.00)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Updates Downloader (Version: 2.25 Build 886)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinHTTrack Website Copier 3.44-1 (Version: 3.44.1)
WinPatrol (Version: 11.2.2007.1)
WinPatrol 2007 Restore/Remove First (Version: 11.2.2007)
WinRAR archiver
Wootalyzer!
World of Goo
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 2038.8 MB
Available physical RAM: 1329.91 MB
Total Pagefile: 3388.72 MB
Available Pagefile: 2802.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.79 MB

========================= Partitions: =====================================

2 Drive c: (crazy eighty) (Fixed) (Total:74.53 GB) (Free:14.22 GB) NTFS
4 Drive e: (DRV4_VOL1) (Fixed) (Total:298.09 GB) (Free:1.95 GB) NTFS

========================= Users: ========================================

User accounts for \\WAYNE

Administrator Guest HelpAssistant
SUPPORT_388945a0


== End of log ==



Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7459

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/13/2011 10:24:28 PM
mbam-log-2011-08-13 (22-24-27).txt

Scan type: Quick scan
Objects scanned: 177764
Time elapsed: 15 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-14 17:04:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380012A rev.4.04
Running: oiofuhzu.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
SSDT sptd.sys ZwOpenKey [0xF74ED0B0]
SSDT sptd.sys ZwQueryKey [0xF74F3418]
SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B85B48AC 5 Bytes JMP 8A733770

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7504018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75269AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EDAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EDC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EDB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74EE748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74EE61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F750329A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A8B81E8
Device \FileSystem\Fastfat \FatCdrom 8A529790
Device \Driver\usbuhci \Device\USBPDO-0 8A732790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8BA1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8BA1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8BA1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8BA1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A732790
Device \Driver\usbuhci \Device\USBPDO-2 8A732790
Device \Driver\usbehci \Device\USBPDO-3 8A731790
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8501E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8501E8
Device \Driver\Cdrom \Device\CdRom0 8A702790
Device \Driver\usbstor \Device\000000a4 8A5CB1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A702790
Device \Driver\Cdrom \Device\CdRom2 8A702790
Device \Driver\usbstor \Device\000000a6 8A5CB1E8
Device \Driver\usbstor \Device\000000a7 8A5CB1E8
Device \Driver\usbstor \Device\000000a9 8A5CB1E8
Device \Driver\usbstor \Device\000000aa 8A5CB1E8
Device \Driver\usbstor \Device\000000ab 8A5CB1E8
Device \Driver\usbuhci \Device\USBFDO-0 8A732790
Device \Driver\usbstor \Device\000000ac 8A5CB1E8
Device \Driver\usbuhci \Device\USBFDO-1 8A732790
Device \Driver\usbuhci \Device\USBFDO-2 8A732790
Device \Driver\usbehci \Device\USBFDO-3 8A731790
Device \Driver\Ftdisk \Device\FtControl 8A8501E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port2Path0Target1Lun0 8A8B91E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port2Path0Target0Lun0 8A8B91E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 8A8B91E8
Device \FileSystem\Fastfat \Fat 8A529790

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A546588

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.15 ----

Edited by Generic Eric, 14 August 2011 - 05:16 PM.


#4 Generic Eric

Posted 14 August 2011 - 12:57 PM

I am posting from a computer other than the one I posted the problem about.

After MBAM rebooted, I was back to my original problem. It got late, so I went to bed. When I started working on GMER, I had to boot into safe mode to get it to run. Additionally, it either finished, or failed, because when I came back to the computer it was booted into the normal desktop, so I am running GMER again.

#5 Broni

Posted 14 August 2011 - 01:06 PM

OK....


#6 Generic Eric

Posted 14 August 2011 - 05:18 PM

Logs completed. When I rebooted after GMER, I still get the same "cannot open..." as I started with.

What's the prognosis?

#7 Broni

Posted 14 August 2011 - 05:23 PM

Re-run exeHelper one more time.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#8 Generic Eric

Posted 14 August 2011 - 05:33 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB68FB000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 7659520 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 191.07 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 5902336 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 191.07 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB678E000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF74EC000 PCI_NTPNP9174 958464 bytes
0xF74EC000 sptd.sys 958464 bytes
0xB66DE000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 720896 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB65DD000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 593920 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xB8749000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB393C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6559000 C:\WINDOWS\system32\drivers\ALCXSENS.SYS 393216 bytes (Sensaura Ltd, Sensaura WDM 3D Audio Driver)
0xB5FBE000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB3B0B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2ED3000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD5B3000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB2907000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB68AE000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 233472 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB63B1000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7486000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB301B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB871C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB2814000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB39AC000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB3AE3000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB3C23000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xF7831000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB3916000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB3048000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB65B9000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB7049000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB5F9B000 C:\WINDOWS\system32\drivers\ATIRWVD.SYS 143360 bytes (Jungo, WinDriver Device Driver 6.03)
0xB66AA000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5.1 driver)
0xB688B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB2948000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB3AC1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB39D7000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF794F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74B4000 imagesrv.sys 131072 bytes (Ahead Software AG, Nero Image Server)
0xF7857000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB8702000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF796F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB3680000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF74D4000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB2D7B000 C:\WINDOWS\system32\drivers\tmcomm.sys 98304 bytes (Trend Micro Inc., TrendMicro Common Module)
0xB87E9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB64DD000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB666E000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 90112 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xB3263000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6696000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB68E7000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB3B64000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB87D6000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB6684000 C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 73728 bytes (Logitech Inc., Logitech Filter Driver for Mouse Class.)
0xF7A3D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7876000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB6461000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB862A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB866A000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7887000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB863A000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7647000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB865A000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF76B7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB7E22000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB869A000 C:\WINDOWS\system32\DRIVERS\L8042mou.Sys 57344 bytes (Logitech Inc., Logitech PS/2 Mouse Filter Driver.)
0xF7416000 C:\WINDOWS\System32\Drivers\BrSerIf.sys 53248 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB86AA000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB7A9E000 C:\WINDOWS\system32\drivers\libusb0.sys 53248 bytes (http://libusb-win32.sourceforge.net, LibUSB-Win32 - Kernel Driver)
0xB7E02000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB7DA2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB7AAE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB868A000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB7DC2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7446000 C:\WINDOWS\system32\DRIVERS\nbdrv.sys 40960 bytes (SeriousBit, NetBalancer driver)
0xB7E32000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB2FA3000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF7456000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB867A000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xB284F000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7466000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB7ADE000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB7ABE000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7657000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB7A8E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7777000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF780F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7817000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF7747000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF776F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF777F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF774F000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7787000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF778F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB3B97000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D3E65A5-8B82-4E9C-840A-8E5B55A93E44}\MpKslf5137fab.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xF7717000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\ProtoWall.sys 24576 bytes (-, ProtoWall Driver)
0xF781F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF779F000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF7767000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF77FF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF773F000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7807000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB3BBF000 C:\WINDOWS\system32\drivers\pstrip.sys 20480 bytes (EnTech Taiwan, PowerStrip support NT kernel-mode driver)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77C7000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB64CD000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB3862000 C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys 16384 bytes (Brother Industries Ltd., Brother USB Scanner Driver)
0xB3290000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
0xB85A6000 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 16384 bytes (Logitech Inc., Logitech PS2 Keyboard Filter Driver.)
0xB389A000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xB2F47000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xB7A2C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB3C17000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB385E000 C:\WINDOWS\System32\Drivers\BrUsbSer.sys 12288 bytes (Brother Industries Ltd., Brother USB Serial Driver)
0xB3846000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB8205000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB3CDF000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB7B9A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798D000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF799D000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79F9000 C:\WINDOWS\System32\Drivers\ElbyDelay.sys 8192 bytes (Elaborate Bytes AG, Elby Delay Lower Filter Driver)
0xB7B9E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798F000 imagedrv.sys 8192 bytes (Ahead Software AG, NERO IMAGEDRIVE SCSI miniport)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB7B96000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF799B000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB7B92000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79FB000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A05000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB859A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB37B8000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB3D21000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A8BA1E8 unknown_irp_handler 3608 bytes
0x8A8BB1E8 unknown_irp_handler 3608 bytes
0x8A8BC1E8 unknown_irp_handler 3608 bytes
0x8A8501E8 unknown_irp_handler 3608 bytes
0x89E9F1E8 unknown_irp_handler 3608 bytes
0x8A5561E8 unknown_irp_handler 3608 bytes
0x89E951E8 unknown_irp_handler 3608 bytes
0x8A468588 unknown_irp_handler 2680 bytes
0x8A492658 unknown_irp_handler 2472 bytes
0x8A621700 unknown_irp_handler 2304 bytes
0x89E83790 unknown_irp_handler 2160 bytes
0x8A00A790 unknown_irp_handler 2160 bytes
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [hdaudio.sys]
WARNING: Virus alike driver modification [raspti.sys]
WARNING: Virus alike driver modification [ptilink.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [atirwvd.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [beep.sys]
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [usbd.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [fs_rec.sys]
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [atirwrf.sys]

#9 Broni

Posted 14 August 2011 - 05:36 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#10 Generic Eric

Posted 14 August 2011 - 05:40 PM

2011/08/14 17:38:22.0937 3976 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/14 17:38:23.0281 3976 ================================================================================
2011/08/14 17:38:23.0281 3976 SystemInfo:
2011/08/14 17:38:23.0281 3976
2011/08/14 17:38:23.0281 3976 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/14 17:38:23.0281 3976 Product type: Workstation
2011/08/14 17:38:23.0281 3976 ComputerName: WAYNE
2011/08/14 17:38:23.0281 3976 UserName: Administrator
2011/08/14 17:38:23.0281 3976 Windows directory: C:\WINDOWS
2011/08/14 17:38:23.0281 3976 System windows directory: C:\WINDOWS
2011/08/14 17:38:23.0281 3976 Processor architecture: Intel x86
2011/08/14 17:38:23.0281 3976 Number of processors: 1
2011/08/14 17:38:23.0281 3976 Page size: 0x1000
2011/08/14 17:38:23.0281 3976 Boot type: Normal boot
2011/08/14 17:38:23.0281 3976 ================================================================================
2011/08/14 17:38:25.0281 3976 Initialize success
2011/08/14 17:38:28.0953 1196 ================================================================================
2011/08/14 17:38:28.0953 1196 Scan started
2011/08/14 17:38:28.0953 1196 Mode: Manual;
2011/08/14 17:38:28.0953 1196 ================================================================================
2011/08/14 17:38:30.0203 1196 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/14 17:38:30.0375 1196 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/14 17:38:30.0640 1196 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/14 17:38:30.0828 1196 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/14 17:38:30.0968 1196 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/08/14 17:38:31.0484 1196 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/08/14 17:38:31.0687 1196 ALCXWDM (bc5c55b49c4bd1fdfaaa128fe21f9fea) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/14 17:38:32.0125 1196 AnyDVD (fcfbbcd841dfcd2b976bf7f240d180f7) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/08/14 17:38:32.0781 1196 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/14 17:38:32.0937 1196 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/14 17:38:33.0218 1196 ATI Remote Wonder II (368be3db3a6b9621df51216d323cda23) C:\WINDOWS\system32\drivers\ATIRWVD.SYS
2011/08/14 17:38:33.0453 1196 ati2mtag (3729639e9dd14facf8b927240c5236de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/14 17:38:33.0656 1196 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/14 17:38:33.0843 1196 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/14 17:38:34.0281 1196 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/14 17:38:34.0609 1196 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2011/08/14 17:38:34.0796 1196 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
2011/08/14 17:38:34.0968 1196 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
2011/08/14 17:38:35.0171 1196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/14 17:38:35.0453 1196 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/14 17:38:35.0609 1196 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/14 17:38:35.0765 1196 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/14 17:38:36.0406 1196 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2011/08/14 17:38:36.0890 1196 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/14 17:38:37.0109 1196 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/14 17:38:37.0343 1196 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/14 17:38:37.0531 1196 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/14 17:38:37.0687 1196 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/14 17:38:37.0984 1196 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/14 17:38:38.0140 1196 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/14 17:38:38.0328 1196 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/08/14 17:38:38.0453 1196 ElbyDelay (e205c313417da6fa7afe85912a310a65) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
2011/08/14 17:38:38.0671 1196 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/14 17:38:38.0859 1196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/14 17:38:39.0015 1196 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/14 17:38:39.0203 1196 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/14 17:38:39.0375 1196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/14 17:38:39.0562 1196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/14 17:38:39.0718 1196 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/14 17:38:39.0906 1196 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
2011/08/14 17:38:40.0093 1196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/14 17:38:40.0312 1196 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
2011/08/14 17:38:40.0484 1196 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/14 17:38:40.0875 1196 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/14 17:38:41.0062 1196 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/14 17:38:41.0234 1196 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/14 17:38:41.0421 1196 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/08/14 17:38:41.0625 1196 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/08/14 17:38:41.0828 1196 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/14 17:38:42.0187 1196 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/14 17:38:42.0375 1196 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/14 17:38:42.0609 1196 imagedrv (25edd75e23c5ef6b33d0fbcce125a601) C:\WINDOWS\system32\Drivers\imagedrv.sys
2011/08/14 17:38:42.0750 1196 imagesrv (9c4bbacf4e9b9543c3ce23f1fe556941) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
2011/08/14 17:38:42.0859 1196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/14 17:38:43.0156 1196 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/14 17:38:43.0312 1196 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/14 17:38:43.0484 1196 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/14 17:38:43.0656 1196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/14 17:38:43.0796 1196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/14 17:38:43.0953 1196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/14 17:38:44.0078 1196 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/14 17:38:44.0218 1196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/14 17:39:07.0453 1196 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/14 17:39:07.0453 1196 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/08/14 17:39:07.0468 1196 sptd - detected LockedFile.Multi.Generic (1)
2011/08/14 17:39:14.0312 1196 ================================================================================
2011/08/14 17:39:14.0312 1196 Scan finished
2011/08/14 17:39:14.0312 1196 ================================================================================
2011/08/14 17:39:14.0390 2788 Detected object count: 1
2011/08/14 17:39:14.0390 2788 Actual detected object count: 1
2011/08/14 17:39:45.0921 2788 LockedFile.Multi.Generic(sptd) - User select action: Skip

#11 Broni

Posted 14 August 2011 - 05:49 PM

It looks like some more advanced tools (not allowed in this forum) must be used to solve your issue.

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include the required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

#12 Orange Blossom

Posted 15 August 2011 - 11:50 AM

Hello Generic Eric,

I see your new topic, but I don't see the DDS logs. Were you unable to create them? If so, please indicate that in your new post or in a reply to it if you can't edit the post.

If you don't know what I'm talking about, please navigate to the guide Broni linked you to:

Please make sure that you read the information about getting started first.


and go to step 6. In either case, your new topic needs to have either the DDS logs, or an explanation of what happens when you try to produce them.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#13 Generic Eric

Posted 15 August 2011 - 12:17 PM

Oh, thanks. I must have overlooked that. Thanks for pointing that out.
I have updated the new thread with results. Basically the file type is already associated with another program and it's not opening as intended.

Edited by Generic Eric, 15 August 2011 - 12:41 PM.


#14 Orange Blossom

Posted 15 August 2011 - 08:32 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic414516.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:



