Can't run antimalware programs

[atapene]

Hi there,

I hope you can help me, I'm having the following problems...

- browsers redirecting, popups telling me i have viruses etc, random popups
- windows security keeps stopping apparently normal programs from running
- antivirus programs wont run
- functions in the control panel wont run, for instance changing uac settings
- windows update didnt run, couldnt connect to the website

i've installed AVG and it found a few problems, but most symptoms persist.

i was unable to load the webpages of mbam or download, finally managed it, the exe wouldnt run until i renamed it, mbam found a few problems, i can now get to the websitesbut other symptoms persist.

avg rootkit found a few problems, again, didnt help.

ive installed spybot but it wont run, and i cant find the spybotSD.exe in the program folder?

i've run DDS but the system crashes halfway through unfortunately.


really hoping someone can help me.

cheers

 

[IndiGenus]

Hello atapene and welcome to the forums here at Safer Networking.

:snwelcome:

Sorry for the delay in getting to your post here. It appears the malware has done some significant damage to your system here. With that in mind, do you have good backups of all your data? If not then I would advise doing so before attempting any other fixes here. If you do and want to proceed with fixing this, then please do the following.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

 

[atapene]

not exactly a good result...

hi there indigenus, thanks for the help.

i thought i'd mention i thought the problems i was having with the uac might have been related to a corrupted profile? so i set up a new one, havent used the old one since, the control of the control panel now works but all other things still persist... anyway.

so, tried to follow your instructions, installed combofix but the thing just wouldnt run, however it did run for me when i renamed the exe.

all went smoothly until the scan got to somewhere in the 40's, then the computer hung and restarted... i booted into safemode, tried to run combofix from there, it got to stage 46 and crashed again.

a bit worrying! i went through all the steps to turn off the antivirus etc, firewall was off, all programs closed... however when i first tried to run combofix, and it just did nothing, i had a look at the system processes and all the avg apps were up and running in the background... (avg 2011). i dont know if they were just running and not interfering, but i had gone in and turned it off as instructed and in the avg interface they were all shown as disabled.

so. i think i will have one more crack at shutting everything down running combofix, and wait for your thoughts.

cheers

 

[IndiGenus]

AVG does not play nice with combofix. My advice is to completly uninstall it then try combofix again.

 

[atapene]

hi,

i had another try and combofix made it through all the stages but then crashed while deleting folders (it seemed to delete some files first).

i googled for combofix crashes and someone said if it runs with problems re antivirus it can need a fresh download, and i'd had weirdness with avg that first time so...

i deleted my combofix exe, downloaded a fresh one and tried again, finally made it all the way through, yay, see attached log file.

how did it go?

 

[atapene]

ok, wrt avg...

i disabled it in the interface and then killed the 2 avg processes i still saw running and they seemed to stay dead....

does the logfile look like it ran ok, or shouldi uninstall avg and run through again?

cheers

 

[IndiGenus]

Looks like the TDL rootkit is running. Let's do this...

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  NOTE: Only use the cure and skip options, NOT the quarantine or delete at this time.
  
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

[atapene]

looks like it found something, all went just as you indicated....

after reboot, here's the logfile.

huge progress in short time, thanks so much!



2010/11/02 23:22:33.0219 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/02 23:22:33.0219 ================================================================================
2010/11/02 23:22:33.0219 SystemInfo:
2010/11/02 23:22:33.0219
2010/11/02 23:22:33.0219 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/02 23:22:33.0219 Product type: Workstation
2010/11/02 23:22:33.0235 ComputerName: USER-PC
2010/11/02 23:22:33.0235 UserName: Liam
2010/11/02 23:22:33.0235 Windows directory: C:\windows
2010/11/02 23:22:33.0235 System windows directory: C:\windows
2010/11/02 23:22:33.0235 Processor architecture: Intel x86
2010/11/02 23:22:33.0235 Number of processors: 2
2010/11/02 23:22:33.0235 Page size: 0x1000
2010/11/02 23:22:33.0235 Boot type: Normal boot
2010/11/02 23:22:33.0235 ================================================================================
2010/11/02 23:22:33.0562 Initialize success
2010/11/02 23:22:37.0540 ================================================================================
2010/11/02 23:22:37.0540 Scan started
2010/11/02 23:22:37.0540 Mode: Manual;
2010/11/02 23:22:37.0540 ================================================================================
2010/11/02 23:22:38.0991 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2010/11/02 23:22:39.0038 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2010/11/02 23:22:39.0100 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2010/11/02 23:22:39.0147 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2010/11/02 23:22:39.0163 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2010/11/02 23:22:39.0194 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2010/11/02 23:22:39.0256 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2010/11/02 23:22:39.0303 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2010/11/02 23:22:39.0334 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2010/11/02 23:22:39.0459 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2010/11/02 23:22:39.0490 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2010/11/02 23:22:39.0506 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2010/11/02 23:22:39.0553 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2010/11/02 23:22:39.0740 amdkmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\windows\system32\DRIVERS\atikmdag.sys
2010/11/02 23:22:40.0005 amdkmdap (e9890f7ec1ab4d09afeb09dd76334622) C:\windows\system32\DRIVERS\atikmpag.sys
2010/11/02 23:22:40.0099 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2010/11/02 23:22:40.0145 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2010/11/02 23:22:40.0177 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2010/11/02 23:22:40.0208 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2010/11/02 23:22:40.0239 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2010/11/02 23:22:40.0286 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2010/11/02 23:22:40.0333 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2010/11/02 23:22:40.0379 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2010/11/02 23:22:40.0395 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2010/11/02 23:22:40.0504 athr (7d0a662d7b116169854b4ec941a7822d) C:\windows\system32\DRIVERS\athr.sys
2010/11/02 23:22:40.0723 AtiHdmiService (40a07e6916ac098e31a9e39ac202b8a1) C:\windows\system32\drivers\AtiHdmi.sys
2010/11/02 23:22:40.0785 AtiPcie (6d6400cd69888f382470d06bb2334ad1) C:\windows\system32\DRIVERS\AtiPcie.sys
2010/11/02 23:22:40.0785 Suspicious file (Forged): C:\windows\system32\DRIVERS\AtiPcie.sys. Real md5: 6d6400cd69888f382470d06bb2334ad1, Fake md5: b73c832088dd54b55e04ff6f9646ad8c
2010/11/02 23:22:40.0785 AtiPcie - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/02 23:22:40.0894 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\windows\system32\DRIVERS\avgfwd6x.sys
2010/11/02 23:22:40.0988 AVGIDSDriver (1ca8e5fe74efd5826bbd76c0470e6ae4) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
2010/11/02 23:22:41.0019 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
2010/11/02 23:22:41.0066 AVGIDSFilter (32a76fd3fc12d09c586730ef63b4b20b) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
2010/11/02 23:22:41.0097 AVGIDSShim (84431da40330cdfd84a7b92bcf0d4a05) C:\windows\system32\DRIVERS\AVGIDSShim.Sys
2010/11/02 23:22:41.0144 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\windows\system32\DRIVERS\avgldx86.sys
2010/11/02 23:22:41.0191 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\windows\system32\DRIVERS\avgmfx86.sys
2010/11/02 23:22:41.0237 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\windows\system32\DRIVERS\avgrkx86.sys
2010/11/02 23:22:41.0300 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\windows\system32\DRIVERS\avgtdix.sys
2010/11/02 23:22:41.0347 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2010/11/02 23:22:41.0425 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2010/11/02 23:22:41.0471 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2010/11/02 23:22:41.0518 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2010/11/02 23:22:41.0565 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2010/11/02 23:22:41.0581 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2010/11/02 23:22:41.0612 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2010/11/02 23:22:41.0643 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2010/11/02 23:22:41.0674 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2010/11/02 23:22:41.0690 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2010/11/02 23:22:41.0705 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2010/11/02 23:22:41.0752 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2010/11/02 23:22:41.0768 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2010/11/02 23:22:41.0799 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2010/11/02 23:22:41.0846 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2010/11/02 23:22:41.0924 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2010/11/02 23:22:42.0142 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2010/11/02 23:22:42.0205 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2010/11/02 23:22:42.0470 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2010/11/02 23:22:42.0517 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2010/11/02 23:22:42.0595 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2010/11/02 23:22:42.0626 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2010/11/02 23:22:42.0673 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2010/11/02 23:22:42.0719 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2010/11/02 23:22:42.0766 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2010/11/02 23:22:42.0829 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2010/11/02 23:22:42.0891 CryptOSD (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys
2010/11/02 23:22:42.0953 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2010/11/02 23:22:42.0985 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2010/11/02 23:22:43.0016 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2010/11/02 23:22:43.0078 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2010/11/02 23:22:43.0141 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
2010/11/02 23:22:43.0250 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2010/11/02 23:22:43.0421 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2010/11/02 23:22:43.0468 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2010/11/02 23:22:43.0531 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2010/11/02 23:22:43.0562 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2010/11/02 23:22:43.0593 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2010/11/02 23:22:43.0640 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2010/11/02 23:22:43.0655 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2010/11/02 23:22:43.0749 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2010/11/02 23:22:43.0796 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2010/11/02 23:22:43.0843 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2010/11/02 23:22:43.0889 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2010/11/02 23:22:43.0952 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2010/11/02 23:22:44.0014 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2010/11/02 23:22:44.0045 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2010/11/02 23:22:44.0108 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2010/11/02 23:22:44.0186 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2010/11/02 23:22:44.0264 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2010/11/02 23:22:44.0311 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2010/11/02 23:22:44.0357 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2010/11/02 23:22:44.0404 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2010/11/02 23:22:44.0451 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2010/11/02 23:22:44.0498 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2010/11/02 23:22:44.0576 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2010/11/02 23:22:44.0607 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2010/11/02 23:22:44.0638 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2010/11/02 23:22:44.0685 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2010/11/02 23:22:44.0841 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
2010/11/02 23:22:45.0075 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2010/11/02 23:22:45.0262 IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys
2010/11/02 23:22:45.0371 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2010/11/02 23:22:45.0434 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2010/11/02 23:22:45.0496 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2010/11/02 23:22:45.0512 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2010/11/02 23:22:45.0543 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2010/11/02 23:22:45.0574 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2010/11/02 23:22:45.0605 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2010/11/02 23:22:45.0637 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2010/11/02 23:22:45.0668 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2010/11/02 23:22:45.0699 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2010/11/02 23:22:45.0730 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2010/11/02 23:22:45.0777 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2010/11/02 23:22:45.0824 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2010/11/02 23:22:45.0886 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2010/11/02 23:22:45.0917 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2010/11/02 23:22:45.0933 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2010/11/02 23:22:45.0964 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2010/11/02 23:22:45.0995 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2010/11/02 23:22:46.0042 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2010/11/02 23:22:46.0058 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2010/11/02 23:22:46.0089 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2010/11/02 23:22:46.0136 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2010/11/02 23:22:46.0214 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2010/11/02 23:22:46.0261 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2010/11/02 23:22:46.0323 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2010/11/02 23:22:46.0354 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2010/11/02 23:22:46.0370 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2010/11/02 23:22:46.0401 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2010/11/02 23:22:46.0448 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2010/11/02 23:22:46.0479 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2010/11/02 23:22:46.0510 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2010/11/02 23:22:46.0526 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2010/11/02 23:22:46.0557 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2010/11/02 23:22:46.0635 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2010/11/02 23:22:46.0651 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2010/11/02 23:22:46.0697 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2010/11/02 23:22:46.0775 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2010/11/02 23:22:46.0807 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2010/11/02 23:22:46.0822 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2010/11/02 23:22:46.0853 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2010/11/02 23:22:46.0885 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2010/11/02 23:22:46.0900 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2010/11/02 23:22:46.0931 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2010/11/02 23:22:46.0963 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2010/11/02 23:22:47.0041 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2010/11/02 23:22:47.0072 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2010/11/02 23:22:47.0103 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2010/11/02 23:22:47.0150 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2010/11/02 23:22:47.0181 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2010/11/02 23:22:47.0212 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2010/11/02 23:22:47.0228 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2010/11/02 23:22:47.0259 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2010/11/02 23:22:47.0337 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2010/11/02 23:22:47.0415 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2010/11/02 23:22:47.0446 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2010/11/02 23:22:47.0477 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2010/11/02 23:22:47.0540 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2010/11/02 23:22:47.0571 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2010/11/02 23:22:47.0618 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2010/11/02 23:22:47.0633 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2010/11/02 23:22:47.0665 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2010/11/02 23:22:47.0727 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2010/11/02 23:22:47.0821 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2010/11/02 23:22:47.0852 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2010/11/02 23:22:47.0867 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2010/11/02 23:22:47.0914 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2010/11/02 23:22:47.0961 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2010/11/02 23:22:47.0992 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2010/11/02 23:22:48.0023 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2010/11/02 23:22:48.0055 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2010/11/02 23:22:48.0164 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2010/11/02 23:22:48.0179 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2010/11/02 23:22:48.0257 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2010/11/02 23:22:48.0335 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2010/11/02 23:22:48.0367 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2010/11/02 23:22:48.0382 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2010/11/02 23:22:48.0413 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2010/11/02 23:22:48.0460 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2010/11/02 23:22:48.0491 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2010/11/02 23:22:48.0538 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2010/11/02 23:22:48.0569 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2010/11/02 23:22:48.0585 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2010/11/02 23:22:48.0616 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2010/11/02 23:22:48.0663 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2010/11/02 23:22:48.0679 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2010/11/02 23:22:48.0710 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2010/11/02 23:22:48.0741 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2010/11/02 23:22:48.0788 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2010/11/02 23:22:48.0866 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2010/11/02 23:22:48.0944 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2010/11/02 23:22:48.0975 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
2010/11/02 23:22:49.0053 rtport (41ce6b172542a9a227e34a45881e1d2a) C:\windows\system32\drivers\rtport.sys
2010/11/02 23:22:49.0115 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
2010/11/02 23:22:49.0178 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2010/11/02 23:22:49.0240 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2010/11/02 23:22:49.0303 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2010/11/02 23:22:49.0334 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2010/11/02 23:22:49.0365 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2010/11/02 23:22:49.0412 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2010/11/02 23:22:49.0474 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2010/11/02 23:22:49.0505 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2010/11/02 23:22:49.0568 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2010/11/02 23:22:49.0599 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2010/11/02 23:22:49.0630 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2010/11/02 23:22:49.0693 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2010/11/02 23:22:49.0724 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2010/11/02 23:22:49.0755 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2010/11/02 23:22:49.0817 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2010/11/02 23:22:49.0880 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
2010/11/02 23:22:49.0927 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
2010/11/02 23:22:49.0973 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
2010/11/02 23:22:50.0020 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2010/11/02 23:22:50.0067 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2010/11/02 23:22:50.0161 SynTP (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
2010/11/02 23:22:50.0285 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2010/11/02 23:22:50.0348 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2010/11/02 23:22:50.0395 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2010/11/02 23:22:50.0426 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2010/11/02 23:22:50.0441 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2010/11/02 23:22:50.0488 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2010/11/02 23:22:50.0519 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2010/11/02 23:22:50.0566 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2010/11/02 23:22:50.0629 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2010/11/02 23:22:50.0660 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2010/11/02 23:22:50.0722 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
2010/11/02 23:22:50.0769 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2010/11/02 23:22:50.0800 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2010/11/02 23:22:50.0816 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2010/11/02 23:22:50.0878 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
2010/11/02 23:22:50.0941 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2010/11/02 23:22:50.0972 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2010/11/02 23:22:51.0003 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2010/11/02 23:22:51.0065 usbfilter (e5b14557793164db879ee56f5b59c3e2) C:\windows\system32\DRIVERS\usbfilter.sys
2010/11/02 23:22:51.0097 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2010/11/02 23:22:51.0159 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2010/11/02 23:22:51.0206 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2010/11/02 23:22:51.0253 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2010/11/02 23:22:51.0268 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2010/11/02 23:22:51.0331 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2010/11/02 23:22:51.0393 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2010/11/02 23:22:51.0409 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2010/11/02 23:22:51.0440 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2010/11/02 23:22:51.0471 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2010/11/02 23:22:51.0518 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2010/11/02 23:22:51.0549 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2010/11/02 23:22:51.0565 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2010/11/02 23:22:51.0596 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2010/11/02 23:22:51.0611 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2010/11/02 23:22:51.0643 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2010/11/02 23:22:51.0689 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2010/11/02 23:22:51.0721 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2010/11/02 23:22:51.0767 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2010/11/02 23:22:51.0799 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2010/11/02 23:22:51.0830 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2010/11/02 23:22:51.0861 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2010/11/02 23:22:51.0892 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2010/11/02 23:22:51.0939 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2010/11/02 23:22:52.0033 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2010/11/02 23:22:52.0064 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2010/11/02 23:22:52.0142 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2010/11/02 23:22:52.0189 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2010/11/02 23:22:52.0235 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2010/11/02 23:22:52.0267 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2010/11/02 23:22:52.0329 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
2010/11/02 23:22:52.0579 ================================================================================
2010/11/02 23:22:52.0579 Scan finished
2010/11/02 23:22:52.0579 ================================================================================
2010/11/02 23:22:52.0594 Detected object count: 1
2010/11/02 23:23:04.0793 AtiPcie (6d6400cd69888f382470d06bb2334ad1) C:\windows\system32\DRIVERS\AtiPcie.sys
2010/11/02 23:23:04.0793 Suspicious file (Forged): C:\windows\system32\DRIVERS\AtiPcie.sys. Real md5: 6d6400cd69888f382470d06bb2334ad1, Fake md5: b73c832088dd54b55e04ff6f9646ad8c
2010/11/02 23:23:06.0353 Backup copy found, using it..
2010/11/02 23:23:06.0385 C:\windows\system32\DRIVERS\AtiPcie.sys - will be cured after reboot
2010/11/02 23:23:06.0385 Rootkit.Win32.TDSS.tdl3(AtiPcie) - User select action: Cure
2010/11/02 23:23:14.0996 Deinitialize success

 

[IndiGenus]

Okay let's try combofix again. No need to attach log. Just post in your reply here.

 

[atapene]

it ran through fine first go, and much faster than previously.

also, spybot will now actually fireup and run... previously it would sit in the taskbar and refuse to load up.



ComboFix 10-11-02.01 - Liam 02/11/2010 23:35:16.5.2 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.44.1033.18.2046.1431 [GMT 0:00]
Running from: c:\users\Liam\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
.

2010-11-02 23:40 . 2010-11-02 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-02 20:11 . 2010-11-02 20:11 -------- d-----w- C:\$AVG
2010-10-26 17:14 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 17:14 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 17:14 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 17:14 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-24 13:04 . 2010-10-24 13:04 -------- d-----w- c:\programdata\ATI
2010-10-24 13:04 . 2010-10-24 13:04 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-10-24 13:00 . 2010-10-24 13:00 -------- d-----w- C:\ATI
2010-10-24 12:59 . 2010-10-24 12:59 -------- d-----w- C:\AMD
2010-10-24 12:00 . 2010-10-24 12:00 -------- d-----w- c:\program files\Safer Networking
2010-10-24 11:19 . 2010-10-24 12:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-24 11:19 . 2010-10-24 11:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-24 01:09 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-10-24 01:09 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-10-24 01:09 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-10-24 01:09 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-10-24 01:09 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-10-24 01:09 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-10-24 01:09 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-10-24 01:09 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-10-23 21:04 . 2010-10-23 21:04 -------- d--h--w- c:\programdata\Common Files
2010-10-23 21:04 . 2010-10-29 15:13 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-10-23 21:03 . 2010-11-02 13:55 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-23 21:03 . 2010-10-24 11:45 -------- d-----w- c:\programdata\AVG10
2010-10-23 21:02 . 2010-10-23 21:54 -------- d-----w- c:\program files\AVG
2010-10-23 20:59 . 2010-10-23 21:02 -------- d-----w- c:\programdata\MFAData
2010-10-23 20:01 . 2010-10-23 20:01 -------- d-----w- c:\users\Guest
2010-10-23 19:55 . 2010-10-29 19:45 -------- d-----w- c:\users\Liam
2010-10-22 23:29 . 2010-10-23 15:11 -------- d-----w- c:\programdata\SITEguard
2010-10-22 23:28 . 2010-10-22 23:28 -------- d-----w- c:\program files\Common Files\iS3
2010-10-22 23:28 . 2010-10-23 20:39 -------- d-----w- c:\programdata\STOPzilla!
2010-10-22 22:09 . 2010-10-19 10:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-22 22:09 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9CBA830-328D-47F0-A219-23F188F05966}\mpengine.dll
2010-10-22 19:53 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-22 19:53 . 2010-10-22 19:53 -------- d-----w- c:\programdata\Malwarebytes
2010-10-22 19:53 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-22 19:53 . 2010-10-22 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-22 15:52 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-22 15:52 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-22 15:51 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-22 15:51 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-22 15:51 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-21 20:59 . 2010-10-21 20:59 -------- d-----w- c:\windows\Sun
2010-10-21 20:00 . 2010-10-21 20:00 -------- d-----w- c:\program files\SystemRequirementsLab
2010-10-21 11:00 . 2010-10-21 18:44 -------- d-----w- c:\program files\Common Files\Steam
2010-10-20 21:38 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-20 21:38 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-20 15:18 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-10-20 15:18 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-10-20 15:18 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-10-20 15:18 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-10-20 15:18 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-10-20 15:18 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-10-19 22:39 . 2010-10-19 22:39 -------- d-----w- c:\program files\Win7codecs
2010-10-19 22:37 . 2010-10-19 22:42 -------- d-----w- c:\programdata\Win7codecs
2010-10-19 12:41 . 2010-10-19 12:41 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-10-19 12:33 . 2010-10-19 12:33 -------- d-----w- c:\program files\Adobe Media Player
2010-10-19 12:31 . 2010-10-19 12:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-16 16:57 . 2010-10-24 12:27 -------- d-----w- c:\program files\BitTorrent
2010-10-15 20:32 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-10-15 17:47 . 2010-10-29 18:50 -------- d-----w- c:\programdata\FLEXnet
2010-10-15 17:29 . 2010-10-15 17:29 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-10-15 17:24 . 2010-10-15 17:24 -------- d-----w- c:\program files\Microsoft SDKs
2010-10-15 17:24 . 2010-10-15 17:24 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-10-15 17:21 . 2010-10-23 20:35 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-10-15 17:21 . 2010-10-23 20:35 -------- d-----w- c:\program files\Autodesk
2010-10-15 17:02 . 2010-10-23 20:33 -------- d-----w- c:\programdata\Autodesk
2010-10-15 16:54 . 2010-10-22 22:43 -------- d-----w- C:\Autodesk
2010-10-14 16:57 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 16:57 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 16:57 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 16:57 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 16:57 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 16:57 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 16:57 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 16:57 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 16:57 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-13 00:08 . 2010-10-15 22:03 -------- d-----w- c:\program files\StarCraft II
2010-10-13 00:08 . 2010-10-13 00:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-10-13 00:08 . 2010-10-13 00:20 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-10-12 09:51 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-11 20:45 . 2010-10-11 20:45 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-10-10 14:53 . 2010-10-10 14:53 -------- d-----w- c:\programdata\PlayFirst
2010-10-08 15:47 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-08 15:47 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-08 15:46 . 2010-10-08 15:46 -------- d-----w- c:\program files\iPod
2010-10-08 15:46 . 2010-10-08 15:47 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-08 15:43 . 2010-10-08 15:43 -------- d-----w- c:\programdata\Apple
2010-10-08 14:59 . 2010-10-08 14:59 -------- d-----w- c:\program files\GIMP-2.0
2010-10-08 12:30 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-08 12:30 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-08 12:30 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-08 12:30 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-08 12:30 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-08 05:46 . 2010-10-08 05:46 -------- d-----w- c:\program files\Hugin
2010-10-07 18:02 . 2010-11-02 23:24 -------- d-----w- c:\program files\Common Files\Akamai
2010-10-07 17:18 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-10-07 17:18 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-10-07 16:28 . 2010-10-07 16:28 -------- d-----w- c:\program files\Common Files\Java
2010-10-07 16:15 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-07 16:15 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-07 15:36 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-10-07 14:42 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-10-07 14:42 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-07 14:42 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-10-07 14:41 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-10-07 14:41 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-10-07 14:41 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-10-07 14:41 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-07 14:41 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-10-07 14:41 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-10-07 08:30 . 2010-10-07 08:30 -------- d-----w- c:\program files\Common Files\Skype
2010-10-07 08:30 . 2010-10-24 11:07 -------- d-----r- c:\program files\Skype
2010-10-07 08:30 . 2010-10-07 08:30 -------- d-----w- c:\programdata\Skype
2010-10-07 08:22 . 2010-10-07 08:22 812 ----a-w- c:\windows\system32\drivers\scdskr01.dat
2010-10-07 08:22 . 2010-10-07 08:22 541 ----a-w- c:\windows\system32\drivers\scdhkr01.dat
2010-10-07 08:22 . 2010-10-07 08:22 500 ----a-w- c:\windows\system32\drivers\RSTable.dat
2010-10-07 08:22 . 2010-10-07 08:22 36 ----a-w- c:\windows\system32\drivers\scdstr01.dat
2010-10-07 07:23 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-07 07:22 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-07 07:22 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-07 07:20 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-10-07 07:10 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-07 07:10 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 23:24 . 2010-05-11 21:16 14392 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2010-09-29 02:25 . 2010-09-29 02:25 6472192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-09-29 01:56 . 2010-09-29 01:56 16201728 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-29 01:55 . 2010-09-29 01:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-29 01:55 . 2010-05-11 21:16 536576 ----a-w- c:\windows\system32\aticfx32.dll
2010-09-29 01:51 . 2010-09-29 01:51 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-29 01:51 . 2010-09-29 01:51 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-09-29 01:50 . 2010-09-29 01:50 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-09-29 01:49 . 2010-09-29 01:49 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-09-29 01:49 . 2010-05-11 21:16 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-29 01:49 . 2010-09-29 01:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-29 01:49 . 2010-09-29 01:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-09-29 01:49 . 2010-09-29 01:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-29 01:46 . 2010-05-11 21:16 3953152 ----a-w- c:\windows\system32\atidxx32.dll
2010-09-29 01:28 . 2010-09-29 01:28 4077568 ----a-w- c:\windows\system32\atiumdag.dll
2010-09-29 01:27 . 2010-09-29 01:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-29 01:27 . 2010-09-29 01:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-29 01:26 . 2010-09-29 01:26 4407808 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-29 01:22 . 2010-05-11 21:16 52736 ----a-w- c:\windows\system32\coinst.dll
2010-09-29 01:22 . 2010-09-29 01:22 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-09-29 01:15 . 2010-09-29 01:15 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-29 01:14 . 2010-09-29 01:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-09-29 01:14 . 2010-09-29 01:14 19968 ----a-w- c:\windows\system32\atigktxx.dll
2010-09-29 01:14 . 2010-09-29 01:14 228352 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-09-29 01:14 . 2010-05-11 21:16 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-09-29 01:13 . 2010-09-29 01:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-09-29 01:12 . 2010-09-29 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-09-29 01:09 . 2010-09-29 01:09 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-29 01:09 . 2010-09-29 01:09 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-13 15:27 . 2010-09-13 15:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 02:49 . 2010-09-07 02:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-02 08:05 . 2010-09-02 08:05 1247744 ----a-w- c:\windows\system32\drivers\athr.sys
2010-09-01 23:53 . 2010-09-01 23:53 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-27 18:32 . 2010-08-27 18:32 294912 ----a-w- c:\windows\system32\ATIODE.exe
2010-08-19 20:42 . 2010-08-19 20:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 20:42 . 2010-08-19 20:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 20:42 . 2010-08-19 20:42 21072 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 10:31 2475336 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\xxx.exe" [2010-04-29 1090952]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Dropbox.lnk - c:\users\Liam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-10-24 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 11:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 14:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 14:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [2010-09-10 3210176]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 21072]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 30392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
FF - ProfilePath - c:\users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\2fbl85lr.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc34df1&v=6.010.006.004&i=26&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_062a651.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3688)
c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Completion time: 2010-11-02 23:42:04
ComboFix-quarantined-files.txt 2010-11-02 23:42
ComboFix2.txt 2010-11-02 22:49

Pre-Run: 78,885,007,360 bytes free
Post-Run: 78,835,720,192 bytes free

- - End Of File - - F2B67D5A47455BB120F9D58CB64A5C03

 

[IndiGenus]

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

RegLockDel::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A fresh DDS log. You can hopefully run it now..

 

[tashi]

atapene this thread has been closed due to inactivity and will not be re-opened.

If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.

Thank you IndiGenus.