
Computer won't boot normally

Discussion in 'Windows 7' started by Brian-, Jan 1, 2011.

Thread Status:
Not open for further replies.
  1. Brian-

    Brian- Thread Starter

    Joined:
    Jan 1, 2011
    Messages:
    7
    Hi.
    I have a homemade computer; ran for a few years...
    It is a Windows 7 Ultimate build
    AMD Athlon 64 X2 CPU
    2gig PC2 6400 memory

    Currently I can only boot into safe mode.
    It will hang up or go to a blue screen if booted normally.
    I've tried to get to repair from the install CD but it goes to blue screen also, or doesn't start up.

    Not sure what to try next
    Thanks
     
  2. Iceblade7

    Iceblade7

    Joined:
    Dec 23, 2005
    Messages:
    15
    What was the last thing you did to the computer before it started not working?
    Has it ever worked before?
    Have you tried reseating your memory, associated adapter cards?
    Checked the cables to make sure everything is seated properly?
    Are the fans running?
    Just a few questions to give us an idea where to start.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    follow advice here and post the logs those programs make
     
  4. tonycap

    tonycap

    Joined:
    Dec 20, 2008
    Messages:
    18
    Because you can go into safe mode, your problem is probably a driver.
    Try going into safe mode.
    Go to Control Panel.
    Go to Device Manager, and look for any yellow marks near devices.
    If there are any, uninstall that device.
    Also go to Control Panel > Computer Management, Event Viewer, and look around in there. You may see the name of the device or program that is causing it.
    If you can remember the last thing you did when this happened, start there.
    Unplug any devices hooked up to the computer, other than mouse, keyboard, monitor.
    You may also want to try system restore.
    All programs, accessories, system tools, system restore.
     
  5. Brian-

    Brian- Thread Starter

    Joined:
    Jan 1, 2011
    Messages:
    7
    Thanks for the replies. I followed the advice and here are the files:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:51:49 PM, on 1/2/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Safe mode
    Running processes:
    C:\Users\B\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = B\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 8452 bytes


    DDS (Ver_10-12-12.02) - NTFS_AMD64 MINIMAL
    Run by B at 14:53:19.51 on Sun 01/02/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2048.1596 [GMT -5:00]
    AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
    SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\B\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    ============== Pseudo HJT Report ===============
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    StartupFolder: C:\Users\B\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\B\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\B\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
    mRun-x64: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe"
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll
    ============= SERVICES / DRIVERS ===============
    R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2009-10-14 40464]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-19 55024]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-11-3 27152]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
    S2 AVP;Kaspersky Internet Security;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340520]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-10-2 21008]
    =============== Created Last 30 ================
    2011-01-02 18:37:04 -------- d-----w- C:\Program Files\Windows Journal
    2011-01-02 18:37:04 -------- d-----w- C:\Program Files\Microsoft Games
    2011-01-01 01:06:08 -------- d-----w- C:\Windows\pss
    2010-12-31 02:14:55 -------- d-----w- C:\Users\B\AppData\Roaming\79D9683D-6BFF-45BF-BBFC-5ECDC189E18C
    2010-12-31 02:10:10 -------- d-----w- C:\Program Files (x86)\acronistrueimagehome2011
    2010-12-31 02:01:53 -------- d-----w- C:\Program Files (x86)\GIGABYTE
    2010-12-24 17:59:18 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
    2010-12-24 17:59:18 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
    2010-12-24 17:59:18 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
    2010-12-24 17:58:10 94208 ----a-w- C:\Windows\DIIUnin.exe
    2010-12-24 17:58:10 2829 ----a-w- C:\Windows\DIIUnin.pif
    2010-12-21 00:08:58 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2010-12-17 00:11:18 -------- d-----w- C:\Program Files (x86)\SlySoft
    2010-12-16 04:00:26 -------- d-----w- C:\PROGRA~3\Elaborate Bytes
    2010-12-16 03:57:07 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
    ==================== Find3M ====================
    2010-10-18 01:05:03 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
    ============= FINISH: 14:54:16.97 ===============

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-02 15:08:29
    Windows 6.1.7600
    Running: nf2lot5z.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x46 0x6D 0x8B 0xC3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x7E 0x7C 0x8C 0x8F ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x13 0x29 0x6C 0x2A ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x46 0x6D 0x8B 0xC3 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x7E 0x7C 0x8C 0x8F ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x13 0x29 0x6C 0x2A ...
    ---- EOF - GMER 1.0.15 ----
     


  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
  7. Brian-

    Brian- Thread Starter

    Joined:
    Jan 1, 2011
    Messages:
    7
    Thanks for the response. Here is the log file: no infections found:

    2011/01/03 18:09:41.0762 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/03 18:09:41.0762 ================================================================================
    2011/01/03 18:09:41.0762 SystemInfo:
    2011/01/03 18:09:41.0762
    2011/01/03 18:09:41.0762 OS Version: 6.1.7600 ServicePack: 0.0
    2011/01/03 18:09:41.0762 Product type: Workstation
    2011/01/03 18:09:41.0762 ComputerName: RIGHTDESKTOP
    2011/01/03 18:09:41.0793 UserName: B
    2011/01/03 18:09:41.0793 Windows directory: C:\Windows
    2011/01/03 18:09:41.0793 System windows directory: C:\Windows
    2011/01/03 18:09:41.0793 Running under WOW64
    2011/01/03 18:09:41.0793 Processor architecture: Intel x64
    2011/01/03 18:09:41.0793 Number of processors: 2
    2011/01/03 18:09:41.0793 Page size: 0x1000
    2011/01/03 18:09:41.0793 Boot type: Safe boot
    2011/01/03 18:09:41.0793 ================================================================================
    2011/01/03 18:09:41.0793 Utility is running under WOW64
    2011/01/03 18:09:42.0230 Initialize success
    2011/01/03 18:09:47.0986 ================================================================================
    2011/01/03 18:09:47.0986 Scan started
    2011/01/03 18:09:47.0986 Mode: Manual;
    2011/01/03 18:09:47.0986 ================================================================================
    2011/01/03 18:10:02.0011 KLBG (87200a8afe40532baa4d2b24a7ba0eea) C:\Windows\system32\DRIVERS\klbg.sys
    2011/01/03 18:10:02.0167 KLIF (09bad645d3843669c281431c7df2db2e) C:\Windows\system32\DRIVERS\klif.sys
    2011/01/03 18:10:02.0354 KLIM6 (a1d045c763adec1c7bcb2150f36c60dc) C:\Windows\system32\DRIVERS\klim6.sys
    2011/01/03 18:10:02.0416 klmouflt (786791291939abb11f6d0f040da23912) C:\Windows\system32\DRIVERS\klmouflt.sys
    2011/01/03 18:10:02.0510 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/01/03 18:10:02.0604 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/01/03 18:10:02.0697 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/01/03 18:10:02.0978 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/01/03 18:10:03.0103 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/01/03 18:10:03.0212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/01/03 18:10:03.0337 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/01/03 18:10:03.0493 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/01/03 18:10:03.0649 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/01/03 18:10:03.0727 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/01/03 18:10:03.0820 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/01/03 18:10:03.0976 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/01/03 18:10:04.0101 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/01/03 18:10:04.0226 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/01/03 18:10:04.0382 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/01/03 18:10:04.0429 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/01/03 18:10:04.0507 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2011/01/03 18:10:04.0647 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/01/03 18:10:04.0756 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/01/03 18:10:04.0897 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/01/03 18:10:05.0037 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/01/03 18:10:05.0209 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/01/03 18:10:05.0334 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2011/01/03 18:10:05.0443 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/01/03 18:10:05.0583 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/01/03 18:10:05.0677 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/01/03 18:10:05.0724 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/01/03 18:10:05.0880 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/01/03 18:10:06.0082 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/01/03 18:10:06.0348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/01/03 18:10:06.0706 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/01/03 18:10:06.0987 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/01/03 18:10:07.0237 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/01/03 18:10:07.0471 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/01/03 18:10:07.0783 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/01/03 18:10:08.0126 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/01/03 18:10:08.0578 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/01/03 18:10:08.0828 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/01/03 18:10:08.0937 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/01/03 18:10:09.0109 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/01/03 18:10:09.0249 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/01/03 18:10:09.0405 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/01/03 18:10:09.0577 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/01/03 18:10:09.0639 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/01/03 18:10:09.0733 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/01/03 18:10:09.0811 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/01/03 18:10:10.0014 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/01/03 18:10:10.0107 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2011/01/03 18:10:10.0326 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/01/03 18:10:10.0450 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
    2011/01/03 18:10:10.0981 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/01/03 18:10:11.0480 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/01/03 18:10:11.0558 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/01/03 18:10:11.0714 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/01/03 18:10:11.0886 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/01/03 18:10:12.0104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/01/03 18:10:12.0198 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/01/03 18:10:12.0291 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2011/01/03 18:10:12.0385 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2011/01/03 18:10:12.0463 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/01/03 18:10:12.0572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/01/03 18:10:12.0666 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/01/03 18:10:12.0931 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/01/03 18:10:13.0056 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/01/03 18:10:13.0243 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/01/03 18:10:13.0446 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/01/03 18:10:13.0555 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/01/03 18:10:13.0742 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/01/03 18:10:13.0851 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/01/03 18:10:13.0992 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/01/03 18:10:14.0054 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/01/03 18:10:14.0194 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/01/03 18:10:14.0366 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/01/03 18:10:14.0506 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/01/03 18:10:14.0616 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/01/03 18:10:14.0803 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/01/03 18:10:14.0850 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/01/03 18:10:14.0928 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    2011/01/03 18:10:15.0099 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/01/03 18:10:15.0146 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/01/03 18:10:15.0224 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/01/03 18:10:15.0380 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/01/03 18:10:15.0552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/01/03 18:10:15.0645 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/01/03 18:10:15.0770 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/01/03 18:10:15.0879 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/01/03 18:10:16.0004 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/01/03 18:10:16.0144 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/01/03 18:10:16.0238 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/01/03 18:10:16.0394 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/01/03 18:10:16.0550 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/01/03 18:10:16.0659 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/01/03 18:10:16.0784 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/01/03 18:10:16.0909 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/01/03 18:10:17.0034 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/01/03 18:10:17.0158 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/01/03 18:10:17.0268 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/01/03 18:10:17.0439 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/01/03 18:10:17.0611 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    2011/01/03 18:10:17.0751 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
    2011/01/03 18:10:17.0954 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
    2011/01/03 18:10:18.0141 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/01/03 18:10:18.0344 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/01/03 18:10:18.0484 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2011/01/03 18:10:18.0672 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
    2011/01/03 18:10:18.0703 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/01/03 18:10:18.0843 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
    2011/01/03 18:10:19.0124 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/01/03 18:10:19.0296 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/01/03 18:10:19.0420 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/01/03 18:10:19.0483 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/01/03 18:10:19.0639 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/01/03 18:10:19.0732 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/01/03 18:10:19.0935 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/01/03 18:10:20.0107 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/01/03 18:10:20.0232 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/01/03 18:10:20.0341 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2011/01/03 18:10:20.0559 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/01/03 18:10:20.0700 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/01/03 18:10:20.0778 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/01/03 18:10:20.0902 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/01/03 18:10:21.0090 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/01/03 18:10:21.0214 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/01/03 18:10:21.0370 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/01/03 18:10:21.0542 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/01/03 18:10:21.0667 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/01/03 18:10:21.0745 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/01/03 18:10:21.0916 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/01/03 18:10:22.0072 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
    2011/01/03 18:10:22.0260 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/01/03 18:10:22.0400 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/01/03 18:10:22.0478 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/01/03 18:10:22.0603 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/01/03 18:10:22.0774 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/01/03 18:10:22.0821 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    2011/01/03 18:10:22.0930 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2011/01/03 18:10:22.0962 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/01/03 18:10:23.0055 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/01/03 18:10:23.0242 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/01/03 18:10:23.0430 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/01/03 18:10:23.0554 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2011/01/03 18:10:23.0632 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/01/03 18:10:23.0804 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/03 18:10:23.0820 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/03 18:10:23.0913 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/01/03 18:10:23.0991 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/01/03 18:10:24.0210 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/01/03 18:10:24.0256 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/01/03 18:10:24.0412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/01/03 18:10:24.0631 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/01/03 18:10:24.0693 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2011/01/03 18:10:24.0880 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/01/03 18:10:25.0286 ================================================================================
    2011/01/03 18:10:25.0286 Scan finished
    2011/01/03 18:10:25.0286 ================================================================================
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan. (Vista or Windows 7: right-click the rsit.exe and select run as admin.)

    If necessary allow it to locate or download a copy of HijackThis as needed.

    Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

    RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

    You can use separate posts here when replying and posting the log files if needed.
     
  9. Brian-

    Brian- Thread Starter

    Here is the RSIT log.txt file:

    Logfile of random's system information tool 1.08 (written by random/random)
    Run by B at 2011-01-04 19:58:59
    Microsoft Windows 7 Ultimate
    System drive C: has 30 GB (39%) free of 76 GB
    Total RAM: 2048 MB (80% free)
    HijackThis download failed
    ======Registry dump======
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
    ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2010-05-01 291840]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
    FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2010-05-01 291840]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
    "AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2010-08-18 340520]
    "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
    "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
    "CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]
    "VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-10-13 328056]
    "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
    "Steam"=C:\Program Files (x86)\Steam\Steam.exe [2010-11-16 1242448]
    "AnyDVD"=C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2009-11-11 3124160]
    C:\Users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Dropbox.lnk - C:\Users\B\AppData\Roaming\Dropbox\bin\Dropbox.exe
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=5
    "ConsentPromptBehaviorUser"=3
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoActiveDesktop"=1
    "NoActiveDesktopChanges"=1
    "ForceActiveDesktopOn"=0
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    ======File associations======
    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*
    ======List of files/folders created in the last 1 months======
    2011-01-04 19:59:01 ----D---- C:\Program Files (x86)\trend micro
    2011-01-04 19:58:59 ----D---- C:\rsit
    2011-01-03 20:12:32 ----A---- C:\TDSSKiller.2.4.12.0_03.01.2011_20.12.32_log.txt
    2011-01-03 18:09:41 ----A---- C:\TDSSKiller.2.4.12.0_03.01.2011_18.09.41_log.txt
    2011-01-01 15:14:27 ----A---- C:\Windows\ntbtlog.txt
    2010-12-31 20:06:08 ----D---- C:\Windows\pss
    2010-12-30 21:14:55 ----D---- C:\Users\B\AppData\Roaming\79D9683D-6BFF-45BF-BBFC-5ECDC189E18C
    2010-12-30 21:13:35 ----D---- C:\Program Files (x86)\Common Files\Acronis
    2010-12-30 21:13:35 ----D---- C:\Program Files (x86)\Acronis
    2010-12-30 21:11:54 ----D---- C:\Users\B\AppData\Roaming\Acronis
    2010-12-30 21:11:54 ----D---- C:\ProgramData\Acronis
    2010-12-30 21:10:10 ----D---- C:\Program Files (x86)\acronistrueimagehome2011
    2010-12-30 21:01:53 ----D---- C:\Program Files (x86)\GIGABYTE
    2010-12-24 12:59:18 ----AT---- C:\Windows\SysWOW64\SIntfNT.dll
    2010-12-24 12:59:18 ----AT---- C:\Windows\SysWOW64\SIntf32.dll
    2010-12-24 12:59:18 ----AT---- C:\Windows\SysWOW64\SIntf16.dll
    2010-12-24 12:58:10 ----A---- C:\Windows\DIIUnin.pif
    2010-12-24 12:58:10 ----A---- C:\Windows\DIIUnin.exe
    2010-12-20 19:09:44 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
    2010-12-20 19:09:44 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
    2010-12-20 19:09:43 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
    2010-12-20 19:09:42 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
    2010-12-20 19:09:40 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
    2010-12-20 19:09:40 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
    2010-12-20 19:09:37 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
    2010-12-20 19:09:36 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
    2010-12-20 19:09:35 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
    2010-12-20 19:09:34 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
    2010-12-20 19:09:31 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
    2010-12-20 19:09:31 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
    2010-12-20 19:09:29 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
    2010-12-20 19:09:28 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
    2010-12-20 19:09:24 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
    2010-12-20 19:09:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
    2010-12-20 19:09:21 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
    2010-12-20 19:09:20 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
    2010-12-20 19:09:18 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
    2010-12-20 19:09:18 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
    2010-12-20 19:09:16 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
    2010-12-20 19:09:16 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
    2010-12-20 19:09:16 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
    2010-12-20 19:09:13 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
    2010-12-20 19:09:13 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
    2010-12-20 19:09:11 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
    2010-12-20 19:09:11 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
    2010-12-20 19:09:10 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
    2010-12-20 19:09:08 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
    2010-12-20 19:09:08 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
    2010-12-20 19:09:05 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
    2010-12-20 19:09:04 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
    2010-12-20 19:09:02 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
    2010-12-20 19:09:01 ----A---- C:\Windows\SysWOW64\d3dx10.dll
    2010-12-20 19:08:58 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
    2010-12-20 19:08:56 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
    2010-12-20 19:08:56 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
    2010-12-20 19:08:54 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
    2010-12-20 19:08:54 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
    2010-12-20 19:08:53 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
    2010-12-20 19:08:52 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
    2010-12-20 19:08:51 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
    2010-12-20 19:08:50 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
    2010-12-20 19:08:37 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
    2010-12-20 19:08:34 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
    2010-12-20 19:08:34 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
    2010-12-20 19:08:33 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
    2010-12-20 19:08:31 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
    2010-12-20 19:08:29 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
    2010-12-20 19:08:27 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
    2010-12-20 19:08:24 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
    2010-12-20 19:08:21 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
    2010-12-16 19:11:33 ----D---- C:\ProgramData\SlySoft
    2010-12-16 19:11:18 ----D---- C:\Program Files (x86)\SlySoft
    2010-12-15 23:00:26 ----D---- C:\ProgramData\Elaborate Bytes
    2010-12-15 22:57:07 ----D---- C:\Program Files (x86)\Elaborate Bytes
    ======List of files/folders modified in the last 1 months======
    2011-01-04 19:59:01 ----RD---- C:\Program Files (x86)
    2011-01-04 19:54:43 ----D---- C:\Users\B\AppData\Roaming\uTorrent
    2011-01-04 19:54:38 ----D---- C:\Program Files (x86)\Steam
    2011-01-03 18:12:07 ----D---- C:\Windows\System32
    2011-01-03 18:12:06 ----D---- C:\Windows\inf
    2011-01-03 18:11:12 ----D---- C:\Windows\Temp
    2011-01-02 13:37:23 ----D---- C:\Windows\winsxs
    2011-01-02 13:37:05 ----D---- C:\Windows\SysWOW64\en-US
    2011-01-02 13:37:05 ----D---- C:\Windows\ShellNew
    2011-01-02 13:37:05 ----D---- C:\Windows\PolicyDefinitions
    2011-01-02 13:37:04 ----RD---- C:\Program Files
    2011-01-01 15:47:10 ----D---- C:\Users\B\AppData\Roaming\Dropbox
    2011-01-01 15:47:04 ----D---- C:\Windows\Prefetch
    2011-01-01 15:14:27 ----D---- C:\Windows
    2011-01-01 13:07:25 ----D---- C:\Windows\Tasks
    2011-01-01 13:07:25 ----D---- C:\Windows\SysWOW64
    2011-01-01 13:07:23 ----D---- C:\Windows\AppCompat
    2011-01-01 13:07:23 ----D---- C:\Users\B\AppData\Roaming\vlc
    2011-01-01 13:07:23 ----D---- C:\Users\B\AppData\Roaming\dvdcss
    2011-01-01 13:07:23 ----D---- C:\Program Files (x86)\FLEETMATE
    2011-01-01 13:07:23 ----D---- C:\Program Files (x86)\Coupons
    2011-01-01 13:07:20 ----D---- C:\Windows\registration
    2011-01-01 13:07:14 ----SHD---- C:\Windows\Installer
    2011-01-01 13:07:11 ----HD---- C:\ProgramData
    2011-01-01 13:07:10 ----D---- C:\ProgramData\Kaspersky Lab
    2011-01-01 13:07:09 ----D---- C:\Program Files (x86)\Common Files
    2011-01-01 13:05:47 ----SHD---- C:\System Volume Information
    2010-12-30 21:16:05 ----HD---- C:\Config.Msi
    2010-12-20 19:10:32 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
    2010-12-20 19:08:50 ----RSD---- C:\Windows\assembly
    2010-12-20 18:41:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
    2010-12-16 19:25:04 ----D---- C:\Windows\SysWOW64\drivers
    2010-12-14 23:36:57 ----D---- C:\Users\B\AppData\Roaming\ConceptDraw MINDMAP 5 Professional
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R0 KLBG;Kaspersky Lab Boot Guard Driver; C:\Windows\system32\DRIVERS\klbg.sys []
    R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
    R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2009-11-11 121280]
    R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-15 40648]
    R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys []
    S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
    S1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
    S1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
    S1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
    S1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
    S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
    S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
    S3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys []
    S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys []
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
    S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
    S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
    S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
    S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
    S2 AVP;Kaspersky Internet Security; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2010-08-18 340520]
    S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-19 867080]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
    S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-20 403240]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
    -----------------EOF-----------------
     
  10. Brian-

    Brian- Thread Starter

    Joined:
    Jan 1, 2011
    Messages:
    7
    Here is the RSIT info.txt file:

    info.txt logfile of random's system information tool 1.08 2011-01-04 19:59:04
    ======Uninstall list======
    -->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
    µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
    ACDSee Pro 3-->MsiExec.exe /I{1B280FAF-AE10-4E31-A41A-DB3917D651DC}
    Acrobat.com-->msiexec /qb /x {E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}
    Acrobat.com-->MsiExec.exe /I{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}
    Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
    Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
    Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}
    Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
    AnyDVD-->"C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD"
    Automotive Wolf PE v4.497 Installation-->MsiExec.exe /I{52FD4DF3-1DF4-4323-9330-6007A5F7A968}
    calibre-->MsiExec.exe /I{54F5EAE1-2B88-4F4A-8706-12787E1E34BF}
    CARCare-->C:\PROGRA~1\CARCare\UNWISE.EXE C:\PROGRA~1\CARCare\INSTALL.LOG
    CloneCD-->"C:\Program Files (x86)\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files (x86)\SlySoft\CloneCD"
    CloneDVD2-->"C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files (x86)\Elaborate Bytes\CloneDVD2"
    CoffeeCup Flash Form Builder-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{184D95BE-B66A-4534-97E6-4C6A44032C6E}\Setup.exe" -l0x9
    CoffeeCup Image Mapper-->C:\PROGRA~2\COFFEE~1\IMAGEM~1\UNWISE.EXE C:\PROGRA~2\COFFEE~1\IMAGEM~1\mapperinst.log
    CoffeeCup Visual Site Designer-->C:\Windows\CoffeeCup Visual Site Designer Uninstaller.exe
    ConceptDraw MINDMAP 5 Professional-->MsiExec.exe /I{28981DB1-9F50-40EE-A51A-1B589FA42C2B}
    ConceptDraw Office-->MsiExec.exe /X{D32FA1FF-78EC-4FFB-B339-F6CEFCA1EFE5}
    Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
    Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
    FLEETMATE-->C:\PROGRA~2\FLEETM~1\UNWISE.EXE C:\PROGRA~2\FLEETM~1\INSTALL.LOG
    Garmin USB Drivers-->MsiExec.exe /X{510D2239-6C2E-457B-9590-485EC552D94D}
    Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
    Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
    Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
    Microsoft Office Project Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
    Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Ultimate 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
    Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
    ResumeMaker Professional-->C:\PROGRA~2\RESUME~1\UNWISE.EXE C:\PROGRA~2\RESUME~1\INSTALL.LOG
    SmartDraw 2008-->C:\PROGRA~2\SMARTD~1\UNWISE.EXE C:\PROGRA~2\SMARTD~1\INSTALL.LOG
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Times Reader-->msiexec /qb /x {A75BC59B-10BF-6B87-DCC7-3501F158ACC6}
    Times Reader-->MsiExec.exe /I{A75BC59B-10BF-6B87-DCC7-3501F158ACC6}
    Trine-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/35700
    VirtualCloneDrive-->"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive"
    VLC media player 1.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
    WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
    ======System event log======
    Computer Name: RightDesktop
    Event Code: 1
    Message: Initialization of the High Precision Event Timer failed due to a BIOS configuration problem.
    The operating system will use another available platform timer in lieu of the High Precision Event Timer.
    Contact your system vendor for technical assistance.
    Initialization status: 0x1.
    Record Number: 447
    Source Name: Microsoft-Windows-HAL
    Time Written: 20100509172202.703125-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: RightDesktop
    Event Code: 1
    Message: Initialization of the High Precision Event Timer failed due to a BIOS configuration problem.
    The operating system will use another available platform timer in lieu of the High Precision Event Timer.
    Contact your system vendor for technical assistance.
    Initialization status: 0x1.
    Record Number: 320
    Source Name: Microsoft-Windows-HAL
    Time Written: 20100509171615.656250-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: 37L4247E29-32
    Event Code: 7023
    Message: The Windows Time service terminated with the following error:
    The system cannot find the file specified.
    Record Number: 280
    Source Name: Service Control Manager
    Time Written: 20100509170959.947625-000
    Event Type: Error
    User:
    Computer Name: 37L4247E29-32
    Event Code: 219
    Message: The driver \Driver\tunnel failed to load for the device ROOT\*ISATAP\0000.
    Record Number: 196
    Source Name: Microsoft-Windows-Kernel-PnP
    Time Written: 20100509220452.328125-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: 37L4247E29-32
    Event Code: 1
    Message: Initialization of the High Precision Event Timer failed due to a BIOS configuration problem.
    The operating system will use another available platform timer in lieu of the High Precision Event Timer.
    Contact your system vendor for technical assistance.
    Initialization status: 0x1.
    Record Number: 16
    Source Name: Microsoft-Windows-HAL
    Time Written: 20100509220207.578125-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM
    =====Application event log=====
    Computer Name: RightDesktop
    Event Code: 3036
    Message: The content source <mapi://{S-1-5-21-2386623308-124341760-3130736197-1001}/> cannot be accessed.
    Context: Application, SystemIndex Catalog
    Details:
    No protocol handler is available. Install a protocol handler that can process this URL type. (HRESULT : 0x80040d37) (0x80040d37)
    Record Number: 320
    Source Name: Microsoft-Windows-Search
    Time Written: 20100509175102.000000-000
    Event Type: Warning
    User:
    Computer Name: RightDesktop
    Event Code: 63
    Message: A provider, OffProv12, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS12 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
    Record Number: 309
    Source Name: Microsoft-Windows-WMI
    Time Written: 20100509174402.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: RightDesktop
    Event Code: 63
    Message: A provider, OffProv12, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS12 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
    Record Number: 308
    Source Name: Microsoft-Windows-WMI
    Time Written: 20100509174402.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: RightDesktop
    Event Code: 1008
    Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
    Record Number: 173
    Source Name: Microsoft-Windows-Search
    Time Written: 20100509171950.000000-000
    Event Type: Warning
    User:
    Computer Name: RightDesktop
    Event Code: 11
    Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 1004) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
    Record Number: 168
    Source Name: Microsoft-Windows-RPC-Events
    Time Written: 20100509171935.874500-000
    Event Type: Warning
    User: NT AUTHORITY\LOCAL SERVICE
    =====Security event log=====
    Computer Name: 37L4247E29-32
    Event Code: 4735
    Message: A security-enabled local group was changed.
    Subject:
    Security ID: S-1-5-18
    Account Name: 37L4247E29-32$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7
    Group:
    Security ID: S-1-5-32-551
    Group Name: Backup Operators
    Group Domain: Builtin
    Changed Attributes:
    SAM Account Name: -
    SID History: -
    Additional Information:
    Privileges: -
    Record Number: 5
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100509220257.640625-000
    Event Type: Audit Success
    User:
    Computer Name: 37L4247E29-32
    Event Code: 4731
    Message: A security-enabled local group was created.
    Subject:
    Security ID: S-1-5-18
    Account Name: 37L4247E29-32$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7
    New Group:
    Security ID: S-1-5-32-551
    Group Name: Backup Operators
    Group Domain: Builtin
    Attributes:
    SAM Account Name: Backup Operators
    SID History: -
    Additional Information:
    Privileges: -
    Record Number: 4
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100509220257.640625-000
    Event Type: Audit Success
    User:
    Computer Name: 37L4247E29-32
    Event Code: 4902
    Message: The Per-user audit policy table was created.
    Number of Elements: 0
    Policy ID: 0x2f8f3
    Record Number: 3
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100509220256.671875-000
    Event Type: Audit Success
    User:
    Computer Name: 37L4247E29-32
    Event Code: 4624
    Message: An account was successfully logged on.
    Subject:
    Security ID: S-1-0-0
    Account Name: -
    Account Domain: -
    Logon ID: 0x0
    Logon Type: 0
    New Logon:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}
    Process Information:
    Process ID: 0x4
    Process Name:
    Network Information:
    Workstation Name: -
    Source Network Address: -
    Source Port: -
    Detailed Authentication Information:
    Logon Process: -
    Authentication Package: -
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
    This event is generated when a logon session is created. It is generated on the computer that was accessed.
    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 2
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100509220252.078125-000
    Event Type: Audit Success
    User:
    Computer Name: 37L4247E29-32
    Event Code: 4608
    Message: Windows is starting up.
    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
    Record Number: 1
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100509220251.828125-000
    Event Type: Audit Success
    User:
    ======Environment variables======
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Calibre2\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=AMD64
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
    "NUMBER_OF_PROCESSORS"=2
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 107 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=6b02
    "SAFEBOOT_OPTION"=MINIMAL
    -----------------EOF-----------------
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Have you tried a system restore to before this started happening?
     
  12. Brian-

    Brian- Thread Starter

    Joined:
    Jan 1, 2011
    Messages:
    7
    Yes, didn't do anything. I think it's a BIOS problem. I tried to install Win7 or XP onto 2 new SCSI drives and it wouldn't work either. Got to a blue screen, with flowers etc. I think that is the screen before it asks what language etc., whatever the first text screen is, and it just froze, then eventually went to BSOD.
     
  13. Brian-

    Brian- Thread Starter

    Joined:
    Jan 1, 2011
    Messages:
    7
    Well, it has been running for a few hours now. I made a change in the BIOS. Hope it stays that way when I reboot. Was there anything in my previous posts that I should look into removing?
    Thanks for all your help.
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    No obvious signs of anything, but can you run DDS in normal mode so we can double-check, as much malware won't show up in a safe mode log?
     

Short URL to this thread: https://techguy.org/972023
