Enuf2BDangerous
2010-09-02, 03:26
Kaspersky detected a threat in file C:\WINDOWS\system32\smss.exe However I have been unable to neutralize it with Kaspersky and Spybot does not recognize it. I ran both in safe mode to no avail. However, in normal mode I can not access Safer Networking which is not a good sign. Let me know your thoughts on the best way to get me clean. Thanks for your assitance.
Here is the DDS log file contents:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Gary D. Williams CPA at 11:23:18.76 on 09/02/10
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1497 [GMT -4:00]
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Documents and Settings\Gary D. Williams CPA\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\csasvc.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\mshearts.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Documents and Settings\Gary D. Williams CPA\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\gary d. williams cpa\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [pdfFactory Dispatcher v2] c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe
mRun: [pdfFactory Dispatcher v1] c:\windows\system32\spool\drivers\w32x86\3\fppdis1.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\garyd~1.wil\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252425788140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tlr.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\garyd~1.wil\applic~1\mozilla\firefox\profiles\upqgxpyt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\gary d. williams cpa\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 30746232;30746232 Boot Guard Driver;c:\windows\system32\drivers\30746232.sys [2010-9-1 37392]
R0 44444012;44444012 Boot Guard Driver;c:\windows\system32\drivers\44444012.sys [2010-9-1 37392]
R0 75381022;75381022 Boot Guard Driver;c:\windows\system32\drivers\75381022.sys [2010-9-1 37392]
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 30746231;30746231;c:\windows\system32\drivers\30746231.sys [2010-9-1 128016]
R1 44444011;44444011;c:\windows\system32\drivers\44444011.sys [2010-9-1 128016]
R1 75381021;75381021;c:\windows\system32\drivers\75381021.sys [2010-9-1 128016]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-11-13 482392]
R1 setup_9.0.0.722_01.09.2010_18-27drv;setup_9.0.0.722_01.09.2010_18-27drv;c:\windows\system32\drivers\7538102.sys [2010-9-1 315408]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r --> c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r [?]
R2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [2009-2-26 118784]
R2 MSSQL$CSI_FAS;SQL Server (CSI_FAS);c:\program files\microsoft sql server\mssql.3\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S2 MSSQL$CREATIVESOLUTION;SQL Server (CREATIVESOLUTION);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~3\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~3\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\gary d. williams cpa\my documents\inter-tel\collaboration client 2.0\lkWebLink.exe [2007-9-20 32768]
=============== Created Last 30 ================
2010-09-02 15:15:08 50688 ----a-w- c:\windows\system32\smss.exe
2010-09-02 15:13:41 0 d-----w- c:\windows\system32\temp smss
2010-09-02 02:01:23 0 d-----w- c:\program files\SpywareBlaster
2010-09-02 00:56:01 37392 ----a-w- c:\windows\system32\drivers\75381022.sys
2010-09-02 00:56:01 315408 ----a-w- c:\windows\system32\drivers\7538102.sys
2010-09-02 00:56:01 128016 ----a-w- c:\windows\system32\drivers\75381021.sys
2010-09-02 00:10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-02 00:10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-02 00:10:32 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-02 00:09:05 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-02 00:07:54 0 dc-h--w- c:\windows\ie8
2010-09-01 23:12:10 37392 ----a-w- c:\windows\system32\drivers\44444012.sys
2010-09-01 23:12:10 315408 ----a-w- c:\windows\system32\drivers\4444401.sys
2010-09-01 23:12:10 128016 ----a-w- c:\windows\system32\drivers\44444011.sys
2010-09-01 23:07:47 37392 ----a-w- c:\windows\system32\drivers\30746232.sys
2010-09-01 23:07:47 315408 ----a-w- c:\windows\system32\drivers\3074623.sys
2010-09-01 23:07:47 128016 ----a-w- c:\windows\system32\drivers\30746231.sys
2010-09-01 23:04:07 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-01 23:04:03 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-01 23:02:58 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-01 23:01:00 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-01 23:00:23 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-01 22:59:56 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-09-01 22:59:56 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-09-01 22:59:55 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-09-01 22:56:26 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-01 22:56:14 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2010-09-01 22:56:13 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-01 22:56:06 253952 -c----w- c:\windows\system32\dllcache\es.dll
2010-09-01 22:54:43 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-09-01 22:54:39 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-01 22:54:25 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2010-09-01 22:21:06 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-09-01 22:19:59 19569 ----a-w- c:\windows\003437_.tmp
2010-09-01 18:00:58 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-09-01 17:59:54 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-09-01 17:58:56 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-09-01 17:58:49 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-09-01 17:58:49 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-09-01 17:58:48 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-09-01 17:58:48 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-09-01 17:58:48 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-09-01 17:58:48 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-09-01 17:58:43 94720 -c--a-w- c:\windows\system32\dllcache\certmap.ocx
2010-09-01 17:57:18 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-09-01 17:56:52 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-01 17:36:55 8574 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT
2010-09-01 17:36:55 797189 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT
2010-09-01 17:36:55 7382 -c--a-w- c:\windows\system32\dllcache\OEMBIOS.CAT
2010-09-01 17:36:55 399645 -c--a-w- c:\windows\system32\dllcache\MAPIMIG.CAT
2010-09-01 17:36:55 37484 -c--a-w- c:\windows\system32\dllcache\MW770.CAT
2010-09-01 17:36:55 13472 -c--a-w- c:\windows\system32\dllcache\HPCRDP.CAT
2010-09-01 17:36:55 1042903 -c--a-w- c:\windows\system32\dllcache\SP2.CAT
2010-09-01 17:36:44 13753 ----a-r- c:\windows\SETD5.tmp
2010-09-01 17:36:42 1086058 ----a-r- c:\windows\SETC9.tmp
2010-09-01 17:36:40 1042903 ----a-r- c:\windows\SETC6.tmp
2010-08-26 17:30:26 0 d-----w- c:\program files\Avery
2010-08-11 14:52:28 3274 ----a-w- c:\windows\system32\wbem\Outlook_01cb3964d1577a38.mof
==================== Find3M ====================
2010-09-01 17:55:23 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-18 20:03:01 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-18 20:03:01 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-02 01:35:12 228024 ----a-w- c:\windows\system32\klogon.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-07 23:58:25 2069272 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-09-19 00:04:06 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
============= FINISH: 11:26:04.23 ===============
I tried to fix the problem by running a repair installation of windows. It did not fix the problem. Also for whatever reason system restore was turned off. Finally I have a clone copy (old) of the disk from the middle of August. I tried replacing the file smss.exe with the file from the clone but it did not change the status in Kaspersky. Like the name says enough to be dangerous. Please help.
Here is the DDS log file contents:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Gary D. Williams CPA at 11:23:18.76 on 09/02/10
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1497 [GMT -4:00]
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Documents and Settings\Gary D. Williams CPA\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\csasvc.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\mshearts.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Documents and Settings\Gary D. Williams CPA\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\gary d. williams cpa\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [pdfFactory Dispatcher v2] c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe
mRun: [pdfFactory Dispatcher v1] c:\windows\system32\spool\drivers\w32x86\3\fppdis1.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\garyd~1.wil\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252425788140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tlr.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\garyd~1.wil\applic~1\mozilla\firefox\profiles\upqgxpyt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\gary d. williams cpa\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 30746232;30746232 Boot Guard Driver;c:\windows\system32\drivers\30746232.sys [2010-9-1 37392]
R0 44444012;44444012 Boot Guard Driver;c:\windows\system32\drivers\44444012.sys [2010-9-1 37392]
R0 75381022;75381022 Boot Guard Driver;c:\windows\system32\drivers\75381022.sys [2010-9-1 37392]
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 30746231;30746231;c:\windows\system32\drivers\30746231.sys [2010-9-1 128016]
R1 44444011;44444011;c:\windows\system32\drivers\44444011.sys [2010-9-1 128016]
R1 75381021;75381021;c:\windows\system32\drivers\75381021.sys [2010-9-1 128016]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-11-13 482392]
R1 setup_9.0.0.722_01.09.2010_18-27drv;setup_9.0.0.722_01.09.2010_18-27drv;c:\windows\system32\drivers\7538102.sys [2010-9-1 315408]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r --> c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r [?]
R2 CSAPrintService;Creative Solutions Accounting Print Service;c:\windows\csasvc.exe [2009-2-26 118784]
R2 MSSQL$CSI_FAS;SQL Server (CSI_FAS);c:\program files\microsoft sql server\mssql.3\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S2 MSSQL$CREATIVESOLUTION;SQL Server (CREATIVESOLUTION);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~3\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~3\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\gary d. williams cpa\my documents\inter-tel\collaboration client 2.0\lkWebLink.exe [2007-9-20 32768]
=============== Created Last 30 ================
2010-09-02 15:15:08 50688 ----a-w- c:\windows\system32\smss.exe
2010-09-02 15:13:41 0 d-----w- c:\windows\system32\temp smss
2010-09-02 02:01:23 0 d-----w- c:\program files\SpywareBlaster
2010-09-02 00:56:01 37392 ----a-w- c:\windows\system32\drivers\75381022.sys
2010-09-02 00:56:01 315408 ----a-w- c:\windows\system32\drivers\7538102.sys
2010-09-02 00:56:01 128016 ----a-w- c:\windows\system32\drivers\75381021.sys
2010-09-02 00:10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-02 00:10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-02 00:10:32 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-02 00:09:05 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-02 00:07:54 0 dc-h--w- c:\windows\ie8
2010-09-01 23:12:10 37392 ----a-w- c:\windows\system32\drivers\44444012.sys
2010-09-01 23:12:10 315408 ----a-w- c:\windows\system32\drivers\4444401.sys
2010-09-01 23:12:10 128016 ----a-w- c:\windows\system32\drivers\44444011.sys
2010-09-01 23:07:47 37392 ----a-w- c:\windows\system32\drivers\30746232.sys
2010-09-01 23:07:47 315408 ----a-w- c:\windows\system32\drivers\3074623.sys
2010-09-01 23:07:47 128016 ----a-w- c:\windows\system32\drivers\30746231.sys
2010-09-01 23:04:07 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-01 23:04:03 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-01 23:02:58 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-01 23:01:00 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-01 23:00:23 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-01 22:59:56 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-09-01 22:59:56 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-09-01 22:59:55 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-09-01 22:56:26 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-01 22:56:14 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2010-09-01 22:56:13 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-01 22:56:06 253952 -c----w- c:\windows\system32\dllcache\es.dll
2010-09-01 22:54:43 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-09-01 22:54:39 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-01 22:54:25 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2010-09-01 22:21:06 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-09-01 22:19:59 19569 ----a-w- c:\windows\003437_.tmp
2010-09-01 18:00:58 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-09-01 17:59:54 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-09-01 17:58:56 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-09-01 17:58:49 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-09-01 17:58:49 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-09-01 17:58:48 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-09-01 17:58:48 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-09-01 17:58:48 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-09-01 17:58:48 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-09-01 17:58:43 94720 -c--a-w- c:\windows\system32\dllcache\certmap.ocx
2010-09-01 17:57:18 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-09-01 17:57:11 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-09-01 17:56:52 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-01 17:36:55 8574 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT
2010-09-01 17:36:55 797189 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT
2010-09-01 17:36:55 7382 -c--a-w- c:\windows\system32\dllcache\OEMBIOS.CAT
2010-09-01 17:36:55 399645 -c--a-w- c:\windows\system32\dllcache\MAPIMIG.CAT
2010-09-01 17:36:55 37484 -c--a-w- c:\windows\system32\dllcache\MW770.CAT
2010-09-01 17:36:55 13472 -c--a-w- c:\windows\system32\dllcache\HPCRDP.CAT
2010-09-01 17:36:55 1042903 -c--a-w- c:\windows\system32\dllcache\SP2.CAT
2010-09-01 17:36:44 13753 ----a-r- c:\windows\SETD5.tmp
2010-09-01 17:36:42 1086058 ----a-r- c:\windows\SETC9.tmp
2010-09-01 17:36:40 1042903 ----a-r- c:\windows\SETC6.tmp
2010-08-26 17:30:26 0 d-----w- c:\program files\Avery
2010-08-11 14:52:28 3274 ----a-w- c:\windows\system32\wbem\Outlook_01cb3964d1577a38.mof
==================== Find3M ====================
2010-09-01 17:55:23 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-18 20:03:01 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-18 20:03:01 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-02 01:35:12 228024 ----a-w- c:\windows\system32\klogon.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-07 23:58:25 2069272 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-09-19 00:04:06 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
============= FINISH: 11:26:04.23 ===============
I tried to fix the problem by running a repair installation of windows. It did not fix the problem. Also for whatever reason system restore was turned off. Finally I have a clone copy (old) of the disk from the middle of August. I tried replacing the file smss.exe with the file from the clone but it did not change the status in Kaspersky. Like the name says enough to be dangerous. Please help.