
Thread: Can't run antimalware programs

  1. #1
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    Can't run antimalware programs

    Hi there,

    I hope you can help me; I'm having the following problems...

    - browsers redirecting, popups telling me I have viruses etc., random popups
    - Windows Security keeps stopping apparently normal programs from running
    - antivirus programs won't run
    - functions in the Control Panel won't run, for instance changing UAC settings
    - Windows Update didn't run, couldn't connect to the website

    I've installed AVG and it found a few problems, but most symptoms persist.

    I was unable to load the web pages of MBAM or download it; I finally managed it, but the exe wouldn't run until I renamed it. MBAM found a few problems, and I can now get to the websites, but other symptoms persist.

    AVG rootkit found a few problems; again, it didn't help.

    I've installed Spybot but it won't run, and I can't find the SpybotSD.exe in the program folder?

    I've run DDS but the system crashes halfway through, unfortunately.


    Really hoping someone can help me.

    Cheers

  2. #2
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Hello atapene and welcome to the forums here at Safer Networking.

    Sorry for the delay in getting to your post here. It appears the malware has done some significant damage to your system here. With that in mind, do you have good backups of all your data? If not then I would advise doing so before attempting any other fixes here. If you do and want to proceed with fixing this, then please do the following.

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    Please include the C:\ComboFix.txt in your next reply for further review.
    IndiGenus

  3. #3
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    Not exactly a good result...

    Hi there IndiGenus, thanks for the help.

    I thought I'd mention that I thought the problems I was having with the UAC might have been related to a corrupted profile, so I set up a new one and haven't used the old one since. The control of the Control Panel now works, but all the other things still persist... anyway.

    So, I tried to follow your instructions and installed ComboFix, but the thing just wouldn't run; however, it did run for me when I renamed the exe.

    All went smoothly until the scan got to somewhere in the 40s, then the computer hung and restarted... I booted into safe mode and tried to run ComboFix from there; it got to stage 46 and crashed again.

    A bit worrying! I went through all the steps to turn off the antivirus etc.; the firewall was off and all programs were closed... However, when I first tried to run ComboFix and it just did nothing, I had a look at the system processes and all the AVG apps were up and running in the background... (AVG 2011). I don't know if they were just running and not interfering, but I had gone in and turned it off as instructed, and in the AVG interface they were all shown as disabled.

    So, I think I will have one more crack at shutting everything down and running ComboFix, and wait for your thoughts.

    Cheers

  4. #4
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    AVG does not play nice with ComboFix. My advice is to completely uninstall it, then try ComboFix again.
    IndiGenus

  5. #5
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    Hi,

    I had another try and ComboFix made it through all the stages, but then crashed while deleting folders (it seemed to delete some files first).

    I googled for ComboFix crashes and someone said that if it runs with problems re antivirus it can need a fresh download, and I'd had weirdness with AVG that first time, so...

    I deleted my ComboFix exe, downloaded a fresh one and tried again; finally made it all the way through, yay. See attached log file.

    How did it go?

  6. #6
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    OK, wrt AVG...

    I disabled it in the interface and then killed the 2 AVG processes I still saw running, and they seemed to stay dead....

    Does the logfile look like it ran OK, or should I uninstall AVG and run through again?

    Cheers

  7. #7
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Looks like the TDL rootkit is running. Let's do this...

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.

      NOTE: Only use the Cure and Skip options, NOT Quarantine or Delete at this time.

    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    IndiGenus

  8. #8
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    Looks like it found something; all went just as you indicated....

    After reboot, here's the logfile.

    Huge progress in short time, thanks so much!

    2010/11/02 23:22:33.0219 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/11/02 23:22:33.0219 ================================================================================
    2010/11/02 23:22:33.0219 SystemInfo:
    2010/11/02 23:22:33.0219
    2010/11/02 23:22:33.0219 OS Version: 6.1.7600 ServicePack: 0.0
    2010/11/02 23:22:33.0219 Product type: Workstation
    2010/11/02 23:22:33.0235 ComputerName: USER-PC
    2010/11/02 23:22:33.0235 UserName: Liam
    2010/11/02 23:22:33.0235 Windows directory: C:\windows
    2010/11/02 23:22:33.0235 System windows directory: C:\windows
    2010/11/02 23:22:33.0235 Processor architecture: Intel x86
    2010/11/02 23:22:33.0235 Number of processors: 2
    2010/11/02 23:22:33.0235 Page size: 0x1000
    2010/11/02 23:22:33.0235 Boot type: Normal boot
    2010/11/02 23:22:33.0235 ================================================================================
    2010/11/02 23:22:33.0562 Initialize success
    2010/11/02 23:22:37.0540 ================================================================================
    2010/11/02 23:22:37.0540 Scan started
    2010/11/02 23:22:37.0540 Mode: Manual;
    2010/11/02 23:22:37.0540 ================================================================================
    2010/11/02 23:22:38.0991 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
    2010/11/02 23:22:39.0038 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
    2010/11/02 23:22:39.0100 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
    2010/11/02 23:22:39.0147 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
    2010/11/02 23:22:39.0163 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
    2010/11/02 23:22:39.0194 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
    2010/11/02 23:22:39.0256 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
    2010/11/02 23:22:39.0303 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
    2010/11/02 23:22:39.0334 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
    2010/11/02 23:22:39.0459 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
    2010/11/02 23:22:39.0490 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
    2010/11/02 23:22:39.0506 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
    2010/11/02 23:22:39.0553 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
    2010/11/02 23:22:39.0740 amdkmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\windows\system32\DRIVERS\atikmdag.sys
    2010/11/02 23:22:40.0005 amdkmdap (e9890f7ec1ab4d09afeb09dd76334622) C:\windows\system32\DRIVERS\atikmpag.sys
    2010/11/02 23:22:40.0099 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
    2010/11/02 23:22:40.0145 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
    2010/11/02 23:22:40.0177 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
    2010/11/02 23:22:40.0208 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
    2010/11/02 23:22:40.0239 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
    2010/11/02 23:22:40.0286 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
    2010/11/02 23:22:40.0333 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
    2010/11/02 23:22:40.0379 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
    2010/11/02 23:22:40.0395 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
    2010/11/02 23:22:40.0504 athr (7d0a662d7b116169854b4ec941a7822d) C:\windows\system32\DRIVERS\athr.sys
    2010/11/02 23:22:40.0723 AtiHdmiService (40a07e6916ac098e31a9e39ac202b8a1) C:\windows\system32\drivers\AtiHdmi.sys
    2010/11/02 23:22:40.0785 AtiPcie (6d6400cd69888f382470d06bb2334ad1) C:\windows\system32\DRIVERS\AtiPcie.sys
    2010/11/02 23:22:40.0785 Suspicious file (Forged): C:\windows\system32\DRIVERS\AtiPcie.sys. Real md5: 6d6400cd69888f382470d06bb2334ad1, Fake md5: b73c832088dd54b55e04ff6f9646ad8c
    2010/11/02 23:22:40.0785 AtiPcie - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/11/02 23:22:40.0894 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\windows\system32\DRIVERS\avgfwd6x.sys
    2010/11/02 23:22:40.0988 AVGIDSDriver (1ca8e5fe74efd5826bbd76c0470e6ae4) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
    2010/11/02 23:22:41.0019 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
    2010/11/02 23:22:41.0066 AVGIDSFilter (32a76fd3fc12d09c586730ef63b4b20b) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
    2010/11/02 23:22:41.0097 AVGIDSShim (84431da40330cdfd84a7b92bcf0d4a05) C:\windows\system32\DRIVERS\AVGIDSShim.Sys
    2010/11/02 23:22:41.0144 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\windows\system32\DRIVERS\avgldx86.sys
    2010/11/02 23:22:41.0191 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\windows\system32\DRIVERS\avgmfx86.sys
    2010/11/02 23:22:41.0237 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\windows\system32\DRIVERS\avgrkx86.sys
    2010/11/02 23:22:41.0300 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\windows\system32\DRIVERS\avgtdix.sys
    2010/11/02 23:22:41.0347 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
    2010/11/02 23:22:41.0425 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
    2010/11/02 23:22:41.0471 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
    2010/11/02 23:22:41.0518 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
    2010/11/02 23:22:41.0565 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
    2010/11/02 23:22:41.0581 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
    2010/11/02 23:22:41.0612 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
    2010/11/02 23:22:41.0643 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
    2010/11/02 23:22:41.0674 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
    2010/11/02 23:22:41.0690 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
    2010/11/02 23:22:41.0705 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
    2010/11/02 23:22:41.0752 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
    2010/11/02 23:22:41.0768 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
    2010/11/02 23:22:41.0799 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
    2010/11/02 23:22:41.0846 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
    2010/11/02 23:22:41.0924 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
    2010/11/02 23:22:42.0142 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
    2010/11/02 23:22:42.0205 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
    2010/11/02 23:22:42.0470 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
    2010/11/02 23:22:42.0517 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
    2010/11/02 23:22:42.0595 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
    2010/11/02 23:22:42.0626 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
    2010/11/02 23:22:42.0673 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
    2010/11/02 23:22:42.0719 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
    2010/11/02 23:22:42.0766 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
    2010/11/02 23:22:42.0829 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
    2010/11/02 23:22:42.0891 CryptOSD (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys
    2010/11/02 23:22:42.0953 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
    2010/11/02 23:22:42.0985 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
    2010/11/02 23:22:43.0016 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
    2010/11/02 23:22:43.0078 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
    2010/11/02 23:22:43.0141 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
    2010/11/02 23:22:43.0250 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
    2010/11/02 23:22:43.0421 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
    2010/11/02 23:22:43.0468 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
    2010/11/02 23:22:43.0531 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
    2010/11/02 23:22:43.0562 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
    2010/11/02 23:22:43.0593 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
    2010/11/02 23:22:43.0640 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
    2010/11/02 23:22:43.0655 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
    2010/11/02 23:22:43.0749 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
    2010/11/02 23:22:43.0796 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
    2010/11/02 23:22:43.0843 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
    2010/11/02 23:22:43.0889 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
    2010/11/02 23:22:43.0952 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
    2010/11/02 23:22:44.0014 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
    2010/11/02 23:22:44.0045 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    2010/11/02 23:22:44.0108 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
    2010/11/02 23:22:44.0186 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
    2010/11/02 23:22:44.0264 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
    2010/11/02 23:22:44.0311 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
    2010/11/02 23:22:44.0357 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
    2010/11/02 23:22:44.0404 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
    2010/11/02 23:22:44.0451 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
    2010/11/02 23:22:44.0498 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
    2010/11/02 23:22:44.0576 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
    2010/11/02 23:22:44.0607 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
    2010/11/02 23:22:44.0638 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
    2010/11/02 23:22:44.0685 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
    2010/11/02 23:22:44.0841 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
    2010/11/02 23:22:45.0075 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
    2010/11/02 23:22:45.0262 IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys
    2010/11/02 23:22:45.0371 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
    2010/11/02 23:22:45.0434 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
    2010/11/02 23:22:45.0496 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
    2010/11/02 23:22:45.0512 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
    2010/11/02 23:22:45.0543 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
    2010/11/02 23:22:45.0574 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
    2010/11/02 23:22:45.0605 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
    2010/11/02 23:22:45.0637 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
    2010/11/02 23:22:45.0668 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
    2010/11/02 23:22:45.0699 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
    2010/11/02 23:22:45.0730 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
    2010/11/02 23:22:45.0777 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
    2010/11/02 23:22:45.0824 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
    2010/11/02 23:22:45.0886 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
    2010/11/02 23:22:45.0917 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
    2010/11/02 23:22:45.0933 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
    2010/11/02 23:22:45.0964 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
    2010/11/02 23:22:45.0995 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
    2010/11/02 23:22:46.0042 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
    2010/11/02 23:22:46.0058 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
    2010/11/02 23:22:46.0089 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
    2010/11/02 23:22:46.0136 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
    2010/11/02 23:22:46.0214 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
    2010/11/02 23:22:46.0261 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
    2010/11/02 23:22:46.0323 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
    2010/11/02 23:22:46.0354 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
    2010/11/02 23:22:46.0370 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
    2010/11/02 23:22:46.0401 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
    2010/11/02 23:22:46.0448 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
    2010/11/02 23:22:46.0479 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
    2010/11/02 23:22:46.0510 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
    2010/11/02 23:22:46.0526 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
    2010/11/02 23:22:46.0557 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
    2010/11/02 23:22:46.0635 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
    2010/11/02 23:22:46.0651 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
    2010/11/02 23:22:46.0697 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
    2010/11/02 23:22:46.0775 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
    2010/11/02 23:22:46.0807 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
    2010/11/02 23:22:46.0822 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
    2010/11/02 23:22:46.0853 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
    2010/11/02 23:22:46.0885 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
    2010/11/02 23:22:46.0900 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
    2010/11/02 23:22:46.0931 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
    2010/11/02 23:22:46.0963 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
    2010/11/02 23:22:47.0041 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
    2010/11/02 23:22:47.0072 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
    2010/11/02 23:22:47.0103 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
    2010/11/02 23:22:47.0150 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
    2010/11/02 23:22:47.0181 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
    2010/11/02 23:22:47.0212 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
    2010/11/02 23:22:47.0228 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
    2010/11/02 23:22:47.0259 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
    2010/11/02 23:22:47.0337 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
    2010/11/02 23:22:47.0415 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
    2010/11/02 23:22:47.0446 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
    2010/11/02 23:22:47.0477 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
    2010/11/02 23:22:47.0540 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
    2010/11/02 23:22:47.0571 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
    2010/11/02 23:22:47.0618 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
    2010/11/02 23:22:47.0633 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
    2010/11/02 23:22:47.0665 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
    2010/11/02 23:22:47.0727 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
    2010/11/02 23:22:47.0821 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
    2010/11/02 23:22:47.0852 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
    2010/11/02 23:22:47.0867 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
    2010/11/02 23:22:47.0914 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
    2010/11/02 23:22:47.0961 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
    2010/11/02 23:22:47.0992 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
    2010/11/02 23:22:48.0023 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
    2010/11/02 23:22:48.0055 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
    2010/11/02 23:22:48.0164 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
    2010/11/02 23:22:48.0179 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
    2010/11/02 23:22:48.0257 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
    2010/11/02 23:22:48.0335 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
    2010/11/02 23:22:48.0367 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
    2010/11/02 23:22:48.0382 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
    2010/11/02 23:22:48.0413 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
    2010/11/02 23:22:48.0460 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
    2010/11/02 23:22:48.0491 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
    2010/11/02 23:22:48.0538 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
    2010/11/02 23:22:48.0569 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
    2010/11/02 23:22:48.0585 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
    2010/11/02 23:22:48.0616 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
    2010/11/02 23:22:48.0663 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
    2010/11/02 23:22:48.0679 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
    2010/11/02 23:22:48.0710 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
    2010/11/02 23:22:48.0741 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
    2010/11/02 23:22:48.0788 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
    2010/11/02 23:22:48.0866 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
    2010/11/02 23:22:48.0944 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
    2010/11/02 23:22:48.0975 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
    2010/11/02 23:22:49.0053 rtport (41ce6b172542a9a227e34a45881e1d2a) C:\windows\system32\drivers\rtport.sys
    2010/11/02 23:22:49.0115 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
    2010/11/02 23:22:49.0178 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
    2010/11/02 23:22:49.0240 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
    2010/11/02 23:22:49.0303 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
    2010/11/02 23:22:49.0334 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
    2010/11/02 23:22:49.0365 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
    2010/11/02 23:22:49.0412 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
    2010/11/02 23:22:49.0474 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
    2010/11/02 23:22:49.0505 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
    2010/11/02 23:22:49.0568 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
    2010/11/02 23:22:52.0579 ================================================================================
    2010/11/02 23:22:52.0579 Scan finished
    2010/11/02 23:22:52.0579 ================================================================================
    2010/11/02 23:22:52.0594 Detected object count: 1
    2010/11/02 23:23:04.0793 AtiPcie (6d6400cd69888f382470d06bb2334ad1) C:\windows\system32\DRIVERS\AtiPcie.sys
    2010/11/02 23:23:04.0793 Suspicious file (Forged): C:\windows\system32\DRIVERS\AtiPcie.sys. Real md5: 6d6400cd69888f382470d06bb2334ad1, Fake md5: b73c832088dd54b55e04ff6f9646ad8c
    2010/11/02 23:23:06.0353 Backup copy found, using it..
    2010/11/02 23:23:06.0385 C:\windows\system32\DRIVERS\AtiPcie.sys - will be cured after reboot
    2010/11/02 23:23:06.0385 Rootkit.Win32.TDSS.tdl3(AtiPcie) - User select action: Cure
    2010/11/02 23:23:14.0996 Deinitialize success

  9. #9
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Okay, let's try ComboFix again. No need to attach the log. Just post it in your reply here.
    IndiGenus

  10. #10
    Junior Member
    Join Date
    Oct 2010
    Posts
    6

    Default

    It ran through fine first go, and much faster than previously.

    Also, Spybot will now actually fire up and run... previously it would sit in the taskbar and refuse to load up.

    ComboFix 10-11-02.01 - Liam 02/11/2010 23:35:16.5.2 - x86
    Microsoft Windows 7 Home Basic 6.1.7600.0.1252.44.1033.18.2046.1431 [GMT 0:00]
    Running from: c:\users\Liam\Desktop\Combo-Fix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
    .

    2010-11-02 23:40 . 2010-11-02 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-02 20:11 . 2010-11-02 20:11 -------- d-----w- C:\$AVG
    2010-10-26 17:14 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-10-26 17:14 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-10-26 17:14 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-10-26 17:14 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2010-10-24 13:04 . 2010-10-24 13:04 -------- d-----w- c:\programdata\ATI
    2010-10-24 13:04 . 2010-10-24 13:04 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2010-10-24 13:00 . 2010-10-24 13:00 -------- d-----w- C:\ATI
    2010-10-24 12:59 . 2010-10-24 12:59 -------- d-----w- C:\AMD
    2010-10-24 12:00 . 2010-10-24 12:00 -------- d-----w- c:\program files\Safer Networking
    2010-10-24 11:19 . 2010-10-24 12:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-24 11:19 . 2010-10-24 11:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-10-24 01:09 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2010-10-24 01:09 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2010-10-24 01:09 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2010-10-24 01:09 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-10-24 01:09 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
    2010-10-24 01:09 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
    2010-10-24 01:09 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
    2010-10-24 01:09 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
    2010-10-23 21:04 . 2010-10-23 21:04 -------- d--h--w- c:\programdata\Common Files
    2010-10-23 21:04 . 2010-10-29 15:13 -------- d-----w- c:\programdata\AVG Security Toolbar
    2010-10-23 21:03 . 2010-11-02 13:55 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-10-23 21:03 . 2010-10-24 11:45 -------- d-----w- c:\programdata\AVG10
    2010-10-23 21:02 . 2010-10-23 21:54 -------- d-----w- c:\program files\AVG
    2010-10-23 20:59 . 2010-10-23 21:02 -------- d-----w- c:\programdata\MFAData
    2010-10-23 20:01 . 2010-10-23 20:01 -------- d-----w- c:\users\Guest
    2010-10-23 19:55 . 2010-10-29 19:45 -------- d-----w- c:\users\Liam
    2010-10-22 23:29 . 2010-10-23 15:11 -------- d-----w- c:\programdata\SITEguard
    2010-10-22 23:28 . 2010-10-22 23:28 -------- d-----w- c:\program files\Common Files\iS3
    2010-10-22 23:28 . 2010-10-23 20:39 -------- d-----w- c:\programdata\STOPzilla!
    2010-10-22 22:09 . 2010-10-19 10:41 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-22 22:09 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9CBA830-328D-47F0-A219-23F188F05966}\mpengine.dll
    2010-10-22 19:53 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-22 19:53 . 2010-10-22 19:53 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-22 19:53 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-22 19:53 . 2010-10-22 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-22 15:52 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-22 15:52 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-10-22 15:51 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-10-22 15:51 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
    2010-10-22 15:51 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-10-21 20:59 . 2010-10-21 20:59 -------- d-----w- c:\windows\Sun
    2010-10-21 20:00 . 2010-10-21 20:00 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-10-21 11:00 . 2010-10-21 18:44 -------- d-----w- c:\program files\Common Files\Steam
    2010-10-20 21:38 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-20 21:38 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-10-20 15:18 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
    2010-10-20 15:18 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2010-10-20 15:18 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2010-10-20 15:18 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2010-10-20 15:18 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2010-10-20 15:18 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2010-10-19 22:39 . 2010-10-19 22:39 -------- d-----w- c:\program files\Win7codecs
    2010-10-19 22:37 . 2010-10-19 22:42 -------- d-----w- c:\programdata\Win7codecs
    2010-10-19 12:41 . 2010-10-19 12:41 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-10-19 12:33 . 2010-10-19 12:33 -------- d-----w- c:\program files\Adobe Media Player
    2010-10-19 12:31 . 2010-10-19 12:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-10-16 16:57 . 2010-10-24 12:27 -------- d-----w- c:\program files\BitTorrent
    2010-10-15 20:32 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-10-15 17:47 . 2010-10-29 18:50 -------- d-----w- c:\programdata\FLEXnet
    2010-10-15 17:29 . 2010-10-15 17:29 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-10-15 17:24 . 2010-10-15 17:24 -------- d-----w- c:\program files\Microsoft SDKs
    2010-10-15 17:24 . 2010-10-15 17:24 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2010-10-15 17:21 . 2010-10-23 20:35 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2010-10-15 17:21 . 2010-10-23 20:35 -------- d-----w- c:\program files\Autodesk
    2010-10-15 17:02 . 2010-10-23 20:33 -------- d-----w- c:\programdata\Autodesk
    2010-10-15 16:54 . 2010-10-22 22:43 -------- d-----w- C:\Autodesk
    2010-10-14 16:57 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-14 16:57 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-14 16:57 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-14 16:57 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 16:57 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 16:57 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 16:57 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 16:57 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-14 16:57 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-13 00:08 . 2010-10-15 22:03 -------- d-----w- c:\program files\StarCraft II
    2010-10-13 00:08 . 2010-10-13 00:38 -------- d-----w- c:\programdata\Blizzard Entertainment
    2010-10-13 00:08 . 2010-10-13 00:20 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-10-12 09:51 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-10-11 20:45 . 2010-10-11 20:45 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-10-10 14:53 . 2010-10-10 14:53 -------- d-----w- c:\programdata\PlayFirst
    2010-10-08 15:47 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-10-08 15:47 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-10-08 15:46 . 2010-10-08 15:46 -------- d-----w- c:\program files\iPod
    2010-10-08 15:46 . 2010-10-08 15:47 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-10-08 15:43 . 2010-10-08 15:43 -------- d-----w- c:\programdata\Apple
    2010-10-08 14:59 . 2010-10-08 14:59 -------- d-----w- c:\program files\GIMP-2.0
    2010-10-08 12:30 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-10-08 12:30 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-10-08 12:30 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-10-08 12:30 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-10-08 12:30 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-10-08 05:46 . 2010-10-08 05:46 -------- d-----w- c:\program files\Hugin
    2010-10-07 18:02 . 2010-11-02 23:24 -------- d-----w- c:\program files\Common Files\Akamai
    2010-10-07 17:18 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2010-10-07 17:18 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2010-10-07 16:28 . 2010-10-07 16:28 -------- d-----w- c:\program files\Common Files\Java
    2010-10-07 16:15 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-10-07 16:15 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-10-07 15:36 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-10-07 14:42 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
    2010-10-07 14:42 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2010-10-07 14:42 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2010-10-07 14:41 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-10-07 14:41 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-10-07 14:41 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-10-07 14:41 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-07 14:41 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2010-10-07 14:41 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
    2010-10-07 08:30 . 2010-10-07 08:30 -------- d-----w- c:\program files\Common Files\Skype
    2010-10-07 08:30 . 2010-10-24 11:07 -------- d-----r- c:\program files\Skype
    2010-10-07 08:30 . 2010-10-07 08:30 -------- d-----w- c:\programdata\Skype
    2010-10-07 08:22 . 2010-10-07 08:22 812 ----a-w- c:\windows\system32\drivers\scdskr01.dat
    2010-10-07 08:22 . 2010-10-07 08:22 541 ----a-w- c:\windows\system32\drivers\scdhkr01.dat
    2010-10-07 08:22 . 2010-10-07 08:22 500 ----a-w- c:\windows\system32\drivers\RSTable.dat
    2010-10-07 08:22 . 2010-10-07 08:22 36 ----a-w- c:\windows\system32\drivers\scdstr01.dat
    2010-10-07 07:23 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2010-10-07 07:22 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-10-07 07:22 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-10-07 07:20 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
    2010-10-07 07:10 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-10-07 07:10 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-02 23:24 . 2010-05-11 21:16 14392 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
    2010-09-29 02:25 . 2010-09-29 02:25 6472192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-09-29 01:56 . 2010-09-29 01:56 16201728 ----a-w- c:\windows\system32\atioglxx.dll
    2010-09-29 01:55 . 2010-09-29 01:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-09-29 01:55 . 2010-05-11 21:16 536576 ----a-w- c:\windows\system32\aticfx32.dll
    2010-09-29 01:51 . 2010-09-29 01:51 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-09-29 01:51 . 2010-09-29 01:51 380928 ----a-w- c:\windows\system32\atieclxx.exe
    2010-09-29 01:50 . 2010-09-29 01:50 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-09-29 01:49 . 2010-09-29 01:49 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2010-09-29 01:49 . 2010-05-11 21:16 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-09-29 01:49 . 2010-09-29 01:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-09-29 01:49 . 2010-09-29 01:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
    2010-09-29 01:49 . 2010-09-29 01:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-09-29 01:46 . 2010-05-11 21:16 3953152 ----a-w- c:\windows\system32\atidxx32.dll
    2010-09-29 01:28 . 2010-09-29 01:28 4077568 ----a-w- c:\windows\system32\atiumdag.dll
    2010-09-29 01:27 . 2010-09-29 01:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2010-09-29 01:27 . 2010-09-29 01:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2010-09-29 01:26 . 2010-09-29 01:26 4407808 ----a-w- c:\windows\system32\aticaldd.dll
    2010-09-29 01:22 . 2010-05-11 21:16 52736 ----a-w- c:\windows\system32\coinst.dll
    2010-09-29 01:22 . 2010-09-29 01:22 3460096 ----a-w- c:\windows\system32\atiumdva.dll
    2010-09-29 01:15 . 2010-09-29 01:15 241664 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-09-29 01:14 . 2010-09-29 01:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-09-29 01:14 . 2010-09-29 01:14 19968 ----a-w- c:\windows\system32\atigktxx.dll
    2010-09-29 01:14 . 2010-09-29 01:14 228352 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-09-29 01:14 . 2010-05-11 21:16 30720 ----a-w- c:\windows\system32\atiuxpag.dll
    2010-09-29 01:13 . 2010-09-29 01:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2010-09-29 01:12 . 2010-09-29 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-09-29 01:09 . 2010-09-29 01:09 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2010-09-29 01:09 . 2010-09-29 01:09 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-09-13 15:27 . 2010-09-13 15:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 02:49 . 2010-09-07 02:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-07 02:48 . 2010-09-07 02:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-09-02 08:05 . 2010-09-02 08:05 1247744 ----a-w- c:\windows\system32\drivers\athr.sys
    2010-09-01 23:53 . 2010-09-01 23:53 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-08-27 18:32 . 2010-08-27 18:32 294912 ----a-w- c:\windows\system32\ATIODE.exe
    2010-08-19 20:42 . 2010-08-19 20:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
    2010-08-19 20:42 . 2010-08-19 20:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2010-08-19 20:42 . 2010-08-19 20:42 21072 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-10-06 10:31 2475336 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\xxx.exe" [2010-04-29 1090952]

    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Dropbox.lnk - c:\users\Liam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-10-24 21979992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2009-06-03 11:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    2009-04-15 14:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    2009-04-15 14:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [2010-09-10 3210176]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 21072]
    S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 30392]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMDB
    *Deregistered* - klmdb

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
    Akamai REG_MULTI_SZ Akamai
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    FF - ProfilePath - c:\users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\2fbl85lr.default\
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc34df1&v=6.010.006.004&i=26&tp=ab&iy=&ychte=uk&lng=en-GB&q=
    FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3688)
    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    Completion time: 2010-11-02 23:42:04
    ComboFix-quarantined-files.txt 2010-11-02 23:42
    ComboFix2.txt 2010-11-02 22:49

    Pre-Run: 78,885,007,360 bytes free
    Post-Run: 78,835,720,192 bytes free

    - - End Of File - - F2B67D5A47455BB120F9D58CB64A5C03
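As an added example, not part of this thread and not ComboFix's own code, here is a small Python parser for logs in this format: it groups lines under the dashed section banners and pulls the locked registry keys together with the access ComboFix reports as denied, so those entries can be listed for review instead of read by eye. The sample log is constructed to mirror the entries above.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the ComboFix log above: dashed section
# banners, registry keys in brackets, and "@Denied:" access-control lines.
SAMPLE_LOG = """\
--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"

[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PCW\\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_RE = re.compile(r"^[- ]{3,}\s*(\S.*?\S)\s*[- ]{3,}$")  # "--- NAME ---" banners
KEY_RE = re.compile(r"^\[(.+)\]$")                              # "[HKEY_LOCAL_MACHINE\...]"
DENIED_RE = re.compile(r"^@Denied:\s*\((.+?)\)\s*\((.+?)\)$")   # "@Denied: (Full) (Everyone)"


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":          # ComboFix uses a lone "." as a separator
            sections.setdefault(current, []).append(line)
    return sections


def locked_keys(text: str) -> List[dict]:
    """Return each locked registry key with the denied access ComboFix reported."""
    out: List[dict] = []
    for line in split_sections(text).get("LOCKED REGISTRY KEYS", []):
        key = KEY_RE.match(line)
        if key:
            out.append({"key": key.group(1), "denied": []})
        ace = DENIED_RE.match(line)
        if ace and out:
            out[-1]["denied"].append({"access": ace.group(1), "principal": ace.group(2)})
    return out
```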
