MalwareBytes Will Not Run Antivirus 2010

[wordism]

I tried to get my search on before I came to you guys with this problem.

Symptoms:

Google search page results are redirects.

Computer is slower.

The actual Anti Virus 2010 screen isn't coming up anymore but I'm sure its still on the PC in some form.

----------------------------------------------------------------------

Firstly I tried to open mbam of course.With that I had no luck. Once I start the quick scan it closes about 5 seconds in.

I also can't open other programs search as Spybot etc.

After this I read a few threads of those that had similar problems.

I tried to rename mbam.exe to firefox.com This did not work.

Combofix does not open for me. After the loading screen.. nothing happens.

I also couldn't even INSTALL Hijackthis..

So Now I'm kind of in no mans land. I hope you guys can help.

[MrCharlie]

Welcome to the forum

Please do this..........

Download TDSSKiller to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked you to reboot the computer to complete the process. Click on Reboot Now

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note:It will also create a log in the C:\ directory.

---------------------------------------------------

Next:

Please download and run ComboFix:

A few notes first:

• ComboFix is compatible exclusively with W2K, XP, Vista, and Windows 7 (32-bit only).
  
• ComboFix must be run from an Administrative account.
  
• Vista and W7 users - Right click, choose "Run as Administrator"
  
• It must be downloaded to and run from your desktop.
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  ComboFix Guide <---please read!
  

---------------------------

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE<-------
  They may interfere with the running of ComboFix.
  
• Double click on ComboFix.exe & follow the prompts.
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  Note: If you have SP3, use the SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks

and Please disable Autorun ASAP!.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If a reboot doesn't restore your connection, please try this:

Check HERE

For XP systems download and run WinSockFix

Vista users: Check HERE

Windows 7 systems: Download and run this Winsockfix.bat

5.Give ComboFix at least 20-30 minutes to finish if needed.

MrC

[wordism]

Regarding TDSSKiller how long should it run? I had it running for about a hour and it still says

Processed: 0 objects, no threats found

[MrCharlie]

No, it only takes a couple of minutes to run.

Try it in safe mode or just see if you can run ComboFix, MrC

[wordism]

No, it only takes a couple of minutes to run.

Try it in safe mode or just see if you can run ComboFix, MrC

Thanks Finally A Breath of Fresh Air..

2010/10/22 14:11:56.0479 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/22 14:11:56.0479 ================================================================================

2010/10/22 14:11:56.0479 SystemInfo:

2010/10/22 14:11:56.0479

2010/10/22 14:11:56.0479 OS Version: 6.1.7600 ServicePack: 0.0

2010/10/22 14:11:56.0479 Product type: Workstation

2010/10/22 14:11:56.0479 ComputerName: ROOM

2010/10/22 14:11:56.0479 UserName: Tre

2010/10/22 14:11:56.0479 Windows directory: C:\Windows

2010/10/22 14:11:56.0479 System windows directory: C:\Windows

2010/10/22 14:11:56.0479 Processor architecture: Intel x86

2010/10/22 14:11:56.0479 Number of processors: 2

2010/10/22 14:11:56.0479 Page size: 0x1000

2010/10/22 14:11:56.0479 Boot type: Safe boot

2010/10/22 14:11:56.0479 ================================================================================

2010/10/22 14:11:56.0728 Initialize success

2010/10/22 14:11:58.0023 ================================================================================

2010/10/22 14:11:58.0023 Scan started

2010/10/22 14:11:58.0023 Mode: Manual;

2010/10/22 14:11:58.0023 ================================================================================

2010/10/22 14:11:59.0240 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/10/22 14:11:59.0380 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2010/10/22 14:11:59.0458 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/10/22 14:11:59.0505 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/10/22 14:11:59.0536 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2010/10/22 14:11:59.0568 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2010/10/22 14:11:59.0661 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2010/10/22 14:11:59.0692 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2010/10/22 14:11:59.0755 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2010/10/22 14:11:59.0817 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2010/10/22 14:11:59.0848 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2010/10/22 14:11:59.0880 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2010/10/22 14:11:59.0942 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2010/10/22 14:11:59.0973 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2010/10/22 14:12:00.0004 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2010/10/22 14:12:00.0051 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/10/22 14:12:00.0082 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2010/10/22 14:12:00.0114 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2010/10/22 14:12:00.0192 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2010/10/22 14:12:00.0223 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2010/10/22 14:12:00.0285 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/10/22 14:12:00.0301 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2010/10/22 14:12:00.0394 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

2010/10/22 14:12:00.0441 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2010/10/22 14:12:00.0488 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2010/10/22 14:12:00.0535 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2010/10/22 14:12:00.0597 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/10/22 14:12:00.0660 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2010/10/22 14:12:00.0691 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/10/22 14:12:00.0722 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/10/22 14:12:00.0753 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2010/10/22 14:12:00.0800 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/10/22 14:12:00.0831 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/10/22 14:12:00.0862 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/10/22 14:12:00.0894 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/10/22 14:12:00.0940 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2010/10/22 14:12:01.0003 cdrom (e2132a6e9b0daf6c87a66ca8698fcb46) C:\Windows\system32\DRIVERS\cdrom.sys

2010/10/22 14:12:01.0003 Suspicious file (Forged): C:\Windows\system32\DRIVERS\cdrom.sys. Real md5: e2132a6e9b0daf6c87a66ca8698fcb46, Fake md5: ba6e70aa0e6091bc39de29477d866a77

2010/10/22 14:12:01.0018 cdrom - detected Forged file (1)

2010/10/22 14:12:01.0050 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2010/10/22 14:12:01.0112 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2010/10/22 14:12:01.0221 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/10/22 14:12:01.0268 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2010/10/22 14:12:01.0299 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2010/10/22 14:12:01.0330 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2010/10/22 14:12:01.0393 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/10/22 14:12:01.0471 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/10/22 14:12:01.0518 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2010/10/22 14:12:01.0611 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2010/10/22 14:12:01.0658 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2010/10/22 14:12:01.0705 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2010/10/22 14:12:01.0798 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2010/10/22 14:12:01.0876 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

2010/10/22 14:12:01.0970 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys

2010/10/22 14:12:02.0032 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys

2010/10/22 14:12:02.0142 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2010/10/22 14:12:02.0251 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2010/10/22 14:12:02.0298 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2010/10/22 14:12:02.0360 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2010/10/22 14:12:02.0407 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2010/10/22 14:12:02.0469 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2010/10/22 14:12:02.0516 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2010/10/22 14:12:02.0547 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2010/10/22 14:12:02.0625 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/10/22 14:12:02.0672 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2010/10/22 14:12:02.0719 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2010/10/22 14:12:02.0766 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2010/10/22 14:12:02.0828 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2010/10/22 14:12:02.0859 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/10/22 14:12:02.0922 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2010/10/22 14:12:03.0000 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2010/10/22 14:12:03.0031 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/10/22 14:12:03.0062 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/10/22 14:12:03.0109 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2010/10/22 14:12:03.0171 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2010/10/22 14:12:03.0234 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2010/10/22 14:12:03.0280 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/10/22 14:12:03.0327 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2010/10/22 14:12:03.0358 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2010/10/22 14:12:03.0436 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/10/22 14:12:03.0530 ialm (6fcb904910da07c9dc2593d66438fa29) C:\Windows\system32\DRIVERS\igxpmp32.sys

2010/10/22 14:12:03.0592 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/10/22 14:12:03.0639 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2010/10/22 14:12:03.0717 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2010/10/22 14:12:03.0780 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2010/10/22 14:12:03.0842 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/10/22 14:12:03.0904 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/10/22 14:12:03.0936 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2010/10/22 14:12:03.0998 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2010/10/22 14:12:04.0029 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2010/10/22 14:12:04.0092 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/10/22 14:12:04.0170 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/10/22 14:12:04.0216 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/10/22 14:12:04.0263 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2010/10/22 14:12:04.0326 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2010/10/22 14:12:04.0388 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/10/22 14:12:04.0466 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/10/22 14:12:04.0497 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/10/22 14:12:04.0528 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/10/22 14:12:04.0560 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/10/22 14:12:04.0606 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2010/10/22 14:12:04.0700 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2010/10/22 14:12:04.0731 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/10/22 14:12:04.0794 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2010/10/22 14:12:04.0840 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2010/10/22 14:12:04.0903 motccgp (a10fa04b73a9d97e5cf77eb1d5a88165) C:\Windows\system32\DRIVERS\motccgp.sys

2010/10/22 14:12:04.0950 motccgpfl (aad6191a4daa519f04ab12b2af73e356) C:\Windows\system32\DRIVERS\motccgpfl.sys

2010/10/22 14:12:05.0012 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys

2010/10/22 14:12:05.0043 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motport.sys

2010/10/22 14:12:05.0074 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2010/10/22 14:12:05.0121 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2010/10/22 14:12:05.0152 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2010/10/22 14:12:05.0184 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2010/10/22 14:12:05.0230 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2010/10/22 14:12:05.0293 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2010/10/22 14:12:05.0355 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/10/22 14:12:05.0433 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/10/22 14:12:05.0496 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/10/22 14:12:05.0527 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2010/10/22 14:12:05.0558 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2010/10/22 14:12:05.0620 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2010/10/22 14:12:05.0652 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2010/10/22 14:12:05.0683 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/10/22 14:12:05.0761 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2010/10/22 14:12:05.0792 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/10/22 14:12:05.0823 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2010/10/22 14:12:05.0854 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2010/10/22 14:12:05.0901 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/10/22 14:12:05.0932 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2010/10/22 14:12:05.0964 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/10/22 14:12:05.0995 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2010/10/22 14:12:06.0057 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2010/10/22 14:12:06.0120 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2010/10/22 14:12:06.0198 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/10/22 14:12:06.0244 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/10/22 14:12:06.0307 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/10/22 14:12:06.0338 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/10/22 14:12:06.0369 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2010/10/22 14:12:06.0432 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2010/10/22 14:12:06.0463 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2010/10/22 14:12:06.0556 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys

2010/10/22 14:12:06.0634 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/10/22 14:12:06.0697 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2010/10/22 14:12:06.0744 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2010/10/22 14:12:06.0806 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2010/10/22 14:12:06.0853 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2010/10/22 14:12:06.0900 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/10/22 14:12:06.0946 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2010/10/22 14:12:06.0978 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/10/22 14:12:07.0024 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/10/22 14:12:07.0102 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2010/10/22 14:12:07.0134 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2010/10/22 14:12:07.0149 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2010/10/22 14:12:07.0196 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2010/10/22 14:12:07.0227 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2010/10/22 14:12:07.0274 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/10/22 14:12:07.0352 PCTCore (8f93fb300deac55c553c2255f1d0342d) C:\Windows\system32\drivers\PCTCore.sys

2010/10/22 14:12:07.0414 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys

2010/10/22 14:12:07.0477 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys

2010/10/22 14:12:07.0524 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2010/10/22 14:12:07.0570 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2010/10/22 14:12:07.0726 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2010/10/22 14:12:07.0758 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2010/10/22 14:12:07.0836 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2010/10/22 14:12:07.0882 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2010/10/22 14:12:07.0960 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/10/22 14:12:08.0007 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2010/10/22 14:12:08.0038 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2010/10/22 14:12:08.0101 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/10/22 14:12:08.0148 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/10/22 14:12:08.0194 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/10/22 14:12:08.0257 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2010/10/22 14:12:08.0288 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2010/10/22 14:12:08.0335 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/10/22 14:12:08.0366 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/10/22 14:12:08.0413 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2010/10/22 14:12:08.0444 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2010/10/22 14:12:08.0491 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2010/10/22 14:12:08.0522 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2010/10/22 14:12:08.0584 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2010/10/22 14:12:08.0678 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys

2010/10/22 14:12:08.0756 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2010/10/22 14:12:08.0834 RTL8187B (b6b3c4259d514f10b458ca6c2e50bc2e) C:\Windows\system32\DRIVERS\wg111v3.sys

2010/10/22 14:12:08.0912 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

2010/10/22 14:12:08.0974 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/10/22 14:12:09.0068 SCDEmu (11d4171bd7f6776a85553ca1f83f7303) C:\Windows\system32\drivers\SCDEmu.sys

2010/10/22 14:12:09.0099 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2010/10/22 14:12:09.0177 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/10/22 14:12:09.0255 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2010/10/22 14:12:09.0286 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2010/10/22 14:12:09.0318 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2010/10/22 14:12:09.0380 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/10/22 14:12:09.0411 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2010/10/22 14:12:09.0458 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/10/22 14:12:09.0474 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/10/22 14:12:09.0630 sftfs (fcd8208f6a4717726b8ee6943fe70a02) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys

2010/10/22 14:12:09.0661 sftplay (55aada41c4dfe59eeabee1bff1563ec5) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys

2010/10/22 14:12:09.0708 Sftredir (5b31ea26bfad7053224534d31501d4fc) C:\Windows\system32\DRIVERS\Sftredirlh.sys

2010/10/22 14:12:09.0723 sftvol (a933b21cd2e0a340a7056f7dbc1c096a) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys

2010/10/22 14:12:09.0786 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2010/10/22 14:12:09.0848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/10/22 14:12:09.0879 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/10/22 14:12:09.0942 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2010/10/22 14:12:10.0035 smwdm (c80b84e4843b33da56a806e1a1275ba0) C:\Windows\system32\drivers\smwdm.sys

2010/10/22 14:12:10.0082 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2010/10/22 14:12:10.0191 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2010/10/22 14:12:10.0269 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2010/10/22 14:12:10.0332 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/10/22 14:12:10.0394 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2010/10/22 14:12:10.0472 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

2010/10/22 14:12:10.0519 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

2010/10/22 14:12:10.0566 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2010/10/22 14:12:10.0690 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2010/10/22 14:12:10.0784 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2010/10/22 14:12:10.0831 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2010/10/22 14:12:10.0878 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2010/10/22 14:12:10.0909 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2010/10/22 14:12:10.0940 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2010/10/22 14:12:10.0971 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2010/10/22 14:12:11.0080 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/10/22 14:12:11.0143 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2010/10/22 14:12:11.0205 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2010/10/22 14:12:11.0252 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2010/10/22 14:12:11.0314 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/10/22 14:12:11.0361 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2010/10/22 14:12:11.0392 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2010/10/22 14:12:11.0486 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

2010/10/22 14:12:11.0517 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/10/22 14:12:11.0548 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2010/10/22 14:12:11.0580 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2010/10/22 14:12:11.0626 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2010/10/22 14:12:11.0658 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2010/10/22 14:12:11.0704 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2010/10/22 14:12:11.0751 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2010/10/22 14:12:11.0798 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/10/22 14:12:11.0829 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/10/22 14:12:11.0876 Suspicious service (NoAccess): vbmaf29c

2010/10/22 14:12:11.0938 vbmaf29c (2238b0a45fdcff73dfa5d47c4e59a692) C:\Windows\system32\drivers\vbmaf29c.sys

2010/10/22 14:12:11.0954 vbmaf29c - detected Locked service (1)

2010/10/22 14:12:11.0985 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/10/22 14:12:12.0016 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/10/22 14:12:12.0048 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2010/10/22 14:12:12.0094 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/10/22 14:12:12.0126 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2010/10/22 14:12:12.0157 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2010/10/22 14:12:12.0204 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2010/10/22 14:12:12.0313 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

2010/10/22 14:12:12.0360 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

2010/10/22 14:12:12.0406 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/10/22 14:12:12.0453 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2010/10/22 14:12:12.0484 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2010/10/22 14:12:12.0547 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/10/22 14:12:12.0594 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2010/10/22 14:12:12.0640 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2010/10/22 14:12:12.0703 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2010/10/22 14:12:12.0765 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/22 14:12:12.0781 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/22 14:12:12.0890 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2010/10/22 14:12:12.0937 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/10/22 14:12:13.0046 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/10/22 14:12:13.0077 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2010/10/22 14:12:13.0218 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2010/10/22 14:12:13.0249 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/10/22 14:12:13.0358 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/10/22 14:12:13.0452 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2010/10/22 14:12:13.0483 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/10/22 14:12:13.0670 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/22 14:12:13.0670 ================================================================================

2010/10/22 14:12:13.0670 Scan finished

2010/10/22 14:12:13.0670 ================================================================================

2010/10/22 14:12:13.0701 Detected object count: 3

2010/10/22 14:12:28.0787 Forged file(cdrom) - User select action: Skip

2010/10/22 14:12:28.0802 Locked service(vbmaf29c) - User select action: Skip

2010/10/22 14:12:28.0833 \HardDisk0\MBR - will be cured after reboot

2010/10/22 14:12:28.0833 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/22 14:13:01.0359 Deinitialize success

[MrCharlie]

2010/10/22 14:12:13.0701 Detected object count: 3

2010/10/22 14:12:28.0787 Forged file(cdrom) - User select action: Skip

2010/10/22 14:12:28.0802 Locked service(vbmaf29c) - User select action: Skip

2010/10/22 14:12:28.0833 \HardDisk0\MBR - will be cured after reboot

2010/10/22 14:12:28.0833 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/22 14:13:01.0359 Deinitialize success

--------------------------------------

OK, looks like we got something here.

Go back and run TDSSKiller and this time Quarantine this one:

2010/10/22 14:12:28.0802 Locked service(vbmaf29c) - User select action: Skip

Cure this one:

2010/10/22 14:12:28.0787 Forged file(cdrom) - User select action: Skip

Post the log and then rerun TDSSKiller and make sure nothing is found now, if so post the log.

MrC

[wordism]

Heres is the New Log. I restarted after I cured And Quarantine the ones you told me to but the threats still came up.

2010/10/22 14:56:17.0515 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/22 14:56:17.0515 ================================================================================

2010/10/22 14:56:17.0515 SystemInfo:

2010/10/22 14:56:17.0515

2010/10/22 14:56:17.0515 OS Version: 6.1.7600 ServicePack: 0.0

2010/10/22 14:56:17.0515 Product type: Workstation

2010/10/22 14:56:17.0515 ComputerName: ROOM

2010/10/22 14:56:17.0515 UserName: Tre

2010/10/22 14:56:17.0515 Windows directory: C:\Windows

2010/10/22 14:56:17.0515 System windows directory: C:\Windows

2010/10/22 14:56:17.0515 Processor architecture: Intel x86

2010/10/22 14:56:17.0515 Number of processors: 2

2010/10/22 14:56:17.0515 Page size: 0x1000

2010/10/22 14:56:17.0515 Boot type: Safe boot

2010/10/22 14:56:17.0515 ================================================================================

2010/10/22 14:56:18.0170 Initialize success

2010/10/22 14:56:19.0590 ================================================================================

2010/10/22 14:56:19.0590 Scan started

2010/10/22 14:56:19.0590 Mode: Manual;

2010/10/22 14:56:19.0590 ================================================================================

2010/10/22 14:56:21.0742 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/10/22 14:56:21.0945 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2010/10/22 14:56:22.0039 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/10/22 14:56:22.0148 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/10/22 14:56:22.0226 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2010/10/22 14:56:22.0288 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2010/10/22 14:56:22.0491 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2010/10/22 14:56:22.0585 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2010/10/22 14:56:22.0694 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2010/10/22 14:56:22.0834 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2010/10/22 14:56:22.0881 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2010/10/22 14:56:23.0006 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2010/10/22 14:56:23.0100 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2010/10/22 14:56:23.0178 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2010/10/22 14:56:23.0318 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2010/10/22 14:56:23.0521 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/10/22 14:56:23.0552 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2010/10/22 14:56:23.0646 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2010/10/22 14:56:23.0817 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2010/10/22 14:56:23.0864 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2010/10/22 14:56:23.0989 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/10/22 14:56:24.0051 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2010/10/22 14:56:24.0207 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

2010/10/22 14:56:24.0301 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2010/10/22 14:56:24.0379 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2010/10/22 14:56:24.0504 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2010/10/22 14:56:24.0613 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/10/22 14:56:24.0769 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2010/10/22 14:56:24.0816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/10/22 14:56:24.0862 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/10/22 14:56:24.0925 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2010/10/22 14:56:25.0003 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/10/22 14:56:25.0096 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/10/22 14:56:25.0159 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/10/22 14:56:25.0190 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/10/22 14:56:25.0284 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2010/10/22 14:56:25.0362 cdrom (e2132a6e9b0daf6c87a66ca8698fcb46) C:\Windows\system32\DRIVERS\cdrom.sys

2010/10/22 14:56:25.0377 Suspicious file (Forged): C:\Windows\system32\DRIVERS\cdrom.sys. Real md5: e2132a6e9b0daf6c87a66ca8698fcb46, Fake md5: ba6e70aa0e6091bc39de29477d866a77

2010/10/22 14:56:25.0393 cdrom - detected Forged file (1)

2010/10/22 14:56:25.0502 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2010/10/22 14:56:25.0564 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2010/10/22 14:56:25.0705 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/10/22 14:56:25.0767 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2010/10/22 14:56:25.0845 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2010/10/22 14:56:25.0986 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2010/10/22 14:56:26.0095 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/10/22 14:56:26.0173 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/10/22 14:56:26.0329 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2010/10/22 14:56:26.0485 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2010/10/22 14:56:26.0532 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2010/10/22 14:56:26.0625 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2010/10/22 14:56:26.0812 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2010/10/22 14:56:26.0968 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

2010/10/22 14:56:27.0171 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys

2010/10/22 14:56:27.0265 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys

2010/10/22 14:56:27.0920 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2010/10/22 14:56:28.0092 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2010/10/22 14:56:28.0170 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2010/10/22 14:56:28.0294 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2010/10/22 14:56:28.0388 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2010/10/22 14:56:28.0466 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2010/10/22 14:56:28.0544 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2010/10/22 14:56:28.0606 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2010/10/22 14:56:28.0809 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/10/22 14:56:28.0887 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2010/10/22 14:56:28.0950 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2010/10/22 14:56:28.0996 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2010/10/22 14:56:29.0184 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2010/10/22 14:56:29.0262 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/10/22 14:56:29.0355 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2010/10/22 14:56:29.0620 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2010/10/22 14:56:29.0698 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/10/22 14:56:29.0745 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/10/22 14:56:29.0792 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2010/10/22 14:56:29.0886 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2010/10/22 14:56:30.0026 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2010/10/22 14:56:30.0120 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/10/22 14:56:30.0213 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2010/10/22 14:56:30.0276 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2010/10/22 14:56:30.0369 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/10/22 14:56:30.0556 ialm (6fcb904910da07c9dc2593d66438fa29) C:\Windows\system32\DRIVERS\igxpmp32.sys

2010/10/22 14:56:30.0681 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/10/22 14:56:30.0775 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2010/10/22 14:56:30.0900 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2010/10/22 14:56:31.0040 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2010/10/22 14:56:31.0149 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/10/22 14:56:31.0274 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/10/22 14:56:31.0321 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2010/10/22 14:56:31.0446 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2010/10/22 14:56:31.0477 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2010/10/22 14:56:31.0602 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/10/22 14:56:31.0711 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/10/22 14:56:31.0789 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/10/22 14:56:31.0851 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2010/10/22 14:56:31.0945 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2010/10/22 14:56:32.0085 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/10/22 14:56:32.0179 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/10/22 14:56:32.0257 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/10/22 14:56:32.0350 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/10/22 14:56:32.0413 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/10/22 14:56:32.0506 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2010/10/22 14:56:32.0678 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2010/10/22 14:56:32.0756 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/10/22 14:56:32.0818 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2010/10/22 14:56:32.0896 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2010/10/22 14:56:33.0006 motccgp (a10fa04b73a9d97e5cf77eb1d5a88165) C:\Windows\system32\DRIVERS\motccgp.sys

2010/10/22 14:56:33.0037 motccgpfl (aad6191a4daa519f04ab12b2af73e356) C:\Windows\system32\DRIVERS\motccgpfl.sys

2010/10/22 14:56:33.0177 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys

2010/10/22 14:56:33.0255 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motport.sys

2010/10/22 14:56:33.0318 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2010/10/22 14:56:33.0380 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2010/10/22 14:56:33.0442 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2010/10/22 14:56:33.0520 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2010/10/22 14:56:33.0614 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2010/10/22 14:56:33.0708 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2010/10/22 14:56:33.0817 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/10/22 14:56:33.0895 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/10/22 14:56:33.0973 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/10/22 14:56:34.0020 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2010/10/22 14:56:34.0066 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2010/10/22 14:56:34.0144 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2010/10/22 14:56:34.0207 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2010/10/22 14:56:34.0285 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/10/22 14:56:34.0378 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2010/10/22 14:56:34.0441 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/10/22 14:56:34.0550 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2010/10/22 14:56:34.0628 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2010/10/22 14:56:34.0675 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/10/22 14:56:34.0722 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2010/10/22 14:56:34.0815 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/10/22 14:56:34.0862 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2010/10/22 14:56:35.0018 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2010/10/22 14:56:35.0158 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2010/10/22 14:56:35.0268 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/10/22 14:56:35.0346 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/10/22 14:56:35.0408 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/10/22 14:56:35.0486 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/10/22 14:56:35.0564 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2010/10/22 14:56:35.0720 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2010/10/22 14:56:35.0798 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2010/10/22 14:56:36.0016 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys

2010/10/22 14:56:36.0110 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/10/22 14:56:36.0188 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2010/10/22 14:56:36.0282 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2010/10/22 14:56:36.0406 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2010/10/22 14:56:36.0531 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2010/10/22 14:56:36.0578 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/10/22 14:56:36.0640 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2010/10/22 14:56:36.0687 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/10/22 14:56:36.0765 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/10/22 14:56:36.0937 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2010/10/22 14:56:36.0984 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2010/10/22 14:56:37.0030 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2010/10/22 14:56:37.0140 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2010/10/22 14:56:37.0186 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2010/10/22 14:56:37.0249 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/10/22 14:56:37.0358 PCTCore (8f93fb300deac55c553c2255f1d0342d) C:\Windows\system32\drivers\PCTCore.sys

2010/10/22 14:56:37.0483 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys

2010/10/22 14:56:37.0576 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys

2010/10/22 14:56:37.0639 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2010/10/22 14:56:37.0701 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2010/10/22 14:56:37.0998 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2010/10/22 14:56:38.0060 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2010/10/22 14:56:38.0185 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2010/10/22 14:56:38.0263 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2010/10/22 14:56:38.0356 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/10/22 14:56:38.0403 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2010/10/22 14:56:38.0497 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2010/10/22 14:56:38.0622 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/10/22 14:56:38.0746 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/10/22 14:56:38.0856 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/10/22 14:56:38.0934 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2010/10/22 14:56:39.0027 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2010/10/22 14:56:39.0121 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/10/22 14:56:39.0152 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/10/22 14:56:39.0246 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2010/10/22 14:56:39.0370 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2010/10/22 14:56:39.0433 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2010/10/22 14:56:39.0495 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2010/10/22 14:56:39.0620 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2010/10/22 14:56:39.0760 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys

2010/10/22 14:56:39.0885 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2010/10/22 14:56:40.0057 RTL8187B (b6b3c4259d514f10b458ca6c2e50bc2e) C:\Windows\system32\DRIVERS\wg111v3.sys

2010/10/22 14:56:40.0135 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

2010/10/22 14:56:40.0197 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/10/22 14:56:40.0509 SCDEmu (11d4171bd7f6776a85553ca1f83f7303) C:\Windows\system32\drivers\SCDEmu.sys

2010/10/22 14:56:40.0556 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2010/10/22 14:56:40.0681 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/10/22 14:56:40.0837 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2010/10/22 14:56:40.0868 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2010/10/22 14:56:40.0930 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2010/10/22 14:56:41.0040 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/10/22 14:56:41.0102 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2010/10/22 14:56:41.0149 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/10/22 14:56:41.0196 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/10/22 14:56:41.0383 sftfs (fcd8208f6a4717726b8ee6943fe70a02) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys

2010/10/22 14:56:41.0445 sftplay (55aada41c4dfe59eeabee1bff1563ec5) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys

2010/10/22 14:56:41.0570 Sftredir (5b31ea26bfad7053224534d31501d4fc) C:\Windows\system32\DRIVERS\Sftredirlh.sys

2010/10/22 14:56:41.0617 sftvol (a933b21cd2e0a340a7056f7dbc1c096a) C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys

2010/10/22 14:56:41.0742 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2010/10/22 14:56:41.0835 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/10/22 14:56:41.0866 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/10/22 14:56:41.0929 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2010/10/22 14:56:42.0054 smwdm (c80b84e4843b33da56a806e1a1275ba0) C:\Windows\system32\drivers\smwdm.sys

2010/10/22 14:56:42.0132 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2010/10/22 14:56:42.0288 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2010/10/22 14:56:42.0381 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2010/10/22 14:56:42.0490 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/10/22 14:56:42.0568 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2010/10/22 14:56:42.0693 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

2010/10/22 14:56:42.0756 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

2010/10/22 14:56:42.0849 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2010/10/22 14:56:43.0021 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2010/10/22 14:56:43.0130 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2010/10/22 14:56:43.0208 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2010/10/22 14:56:43.0286 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2010/10/22 14:56:43.0349 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2010/10/22 14:56:43.0411 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2010/10/22 14:56:43.0473 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2010/10/22 14:56:43.0598 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/10/22 14:56:43.0692 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2010/10/22 14:56:43.0817 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2010/10/22 14:56:43.0941 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2010/10/22 14:56:44.0082 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/10/22 14:56:44.0207 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2010/10/22 14:56:44.0300 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2010/10/22 14:56:44.0441 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

2010/10/22 14:56:44.0503 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/10/22 14:56:44.0550 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2010/10/22 14:56:44.0612 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2010/10/22 14:56:44.0737 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2010/10/22 14:56:44.0799 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2010/10/22 14:56:44.0893 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2010/10/22 14:56:44.0987 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2010/10/22 14:56:45.0033 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/10/22 14:56:45.0096 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/10/22 14:56:45.0158 Suspicious service (NoAccess): vbmaf29c

2010/10/22 14:56:45.0361 vbmaf29c (2238b0a45fdcff73dfa5d47c4e59a692) C:\Windows\system32\drivers\vbmaf29c.sys

2010/10/22 14:56:45.0377 vbmaf29c - detected Locked service (1)

2010/10/22 14:56:45.0486 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/10/22 14:56:45.0579 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/10/22 14:56:45.0611 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2010/10/22 14:56:45.0673 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/10/22 14:56:45.0751 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2010/10/22 14:56:45.0845 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2010/10/22 14:56:45.0938 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2010/10/22 14:56:46.0125 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

2010/10/22 14:56:46.0172 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

2010/10/22 14:56:46.0235 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/10/22 14:56:46.0297 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2010/10/22 14:56:46.0359 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2010/10/22 14:56:46.0453 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/10/22 14:56:46.0515 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2010/10/22 14:56:46.0593 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2010/10/22 14:56:46.0656 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2010/10/22 14:56:46.0812 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/22 14:56:46.0859 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/22 14:56:46.0999 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2010/10/22 14:56:47.0061 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/10/22 14:56:47.0249 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/10/22 14:56:47.0295 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2010/10/22 14:56:47.0498 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2010/10/22 14:56:47.0592 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/10/22 14:56:47.0717 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/10/22 14:56:47.0841 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2010/10/22 14:56:47.0935 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/10/22 14:56:48.0325 ================================================================================

2010/10/22 14:56:48.0325 Scan finished

2010/10/22 14:56:48.0325 ================================================================================

2010/10/22 14:56:48.0372 Detected object count: 2

2010/10/22 14:58:08.0993 HKLM\SYSTEM\ControlSet001\services\cdrom - will be deleted after reboot

2010/10/22 14:58:09.0039 HKLM\SYSTEM\ControlSet002\services\cdrom - will be deleted after reboot

2010/10/22 14:58:09.0055 C:\Windows\system32\DRIVERS\cdrom.sys - will be deleted after reboot

2010/10/22 14:58:09.0055 Forged file(cdrom) - User select action: Delete

2010/10/22 14:58:09.0258 vbmaf29c (2238b0a45fdcff73dfa5d47c4e59a692) C:\Windows\system32\drivers\vbmaf29c.sys

2010/10/22 14:58:09.0258 C:\Windows\system32\drivers\vbmaf29c.sys - quarantined

2010/10/22 14:58:09.0258 Locked service(vbmaf29c) - User select action: Quarantine

2010/10/22 14:58:16.0465 Deinitialize success

[MrCharlie]

Run it again and quarantine or delete everything, MrC

[wordism]

I'm having no luck and I still can't run TDSS in regular mode.. Only in Safe mode.

When I run it in normal operation mode it doesnt recognize anything. Maybe its because I'm on windows 7?

[MrCharlie]

TDSSKiller will run on all systems.

Are you running W7 32 or 64 bit?

MrC

[wordism]

TDSSKiller will run on all systems.

Are you running W7 32 or 64 bit?

MrC

32 Bit

[MrCharlie]

See if you can run ComboFix as outlined in my first post, MrC

[wordism]

See if you can run ComboFix as outlined in my first post, MrC

I can run Combo Fix now but it has yet to complete any stages. I am in Normal Operation Mode at the time.

[wordism]

It has been running for about 20 mins

[MrCharlie]

If it takes longer thean 30 minutes, I would stop and reboot.

We'll try something else, MrC

[wordism]

Combo Fix never did finish a Stage after about 20 more minutes so I closed it, but I noticed my lovely windows background was back.

My background had been stripped and turned black every since Anti Virus 2010 arrived. So I took this as a sign rebooted and went ahead to run MalwareBytes. I reinstalled it and went to quick scan, and it is currently scanning We'll see how this goes.

[MrCharlie]

Great !! MrC

[wordism]

MalwareBytes isn't finding any infections on Quickscan. I haven't had the time to full scan yet as it has been a busy weekend, but the PC is freezing often so I believe its something still wrong. Once it even froze in MalwareBytes while scanning.

[MrCharlie]

The link below explains how to delete a service in W7:

http://www.howtogeek.com/howto/windows-vis...in-vista-or-xp/

vbmaf29c <---this is the service we want to delete

C:\Windows\system32\drivers\vbmaf29c.sys <---this is the file we want to delete

copy and paste these in, one at a time and hit enter

sc stop vbmaf29c and press enter

sc delete vbmaf29c and press enter

---------------------------------------------

If that doesn't work, try.....

Autoruns for Windows

http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

The link below explains how to use it to delete a service:

http://www.winhelponline.com/blog/how-to-r...wanted-service/

It will actually be listed under Drivers.

Let me know, MrC

[wordism]

Thanks for the reply MrC.. I did as you said and I couldn't find that service. I also did the command prompt line and it wasn't there.

I did a full scan of MalwareBytes in Safe mode and 21 infections were found so I removed those.

[MrCharlie]

Can you post the log from MBAM, MrC

[wordism]

Heres the log from the Quick Scan

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4920

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

10/22/2010 7:59:28 PM

mbam-log-2010-10-22 (19-59-28).txt

Scan type: Quick scan

Objects scanned: 149397

Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 12

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Tre\AppData\Local\Temp\276A.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Tre\AppData\Local\Temp\F238.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Tre\AppData\Local\Temp\google.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Windows\Temp\hgxpob.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\Temp\qrbbga.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Windows\Temp\rfoj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Windows\Temp\yhxydk.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\Temp\spoolsv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Tre\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

[wordism]

And heres the log from the full scan

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4920

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

10/25/2010 12:17:48 PM

mbam-log-2010-10-25 (12-17-48).txt

Scan type: Full scan (C:\|F:\|)

Objects scanned: 734989

Time elapsed: 1 hour(s), 52 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 22

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Downloads\13-Mindjet\Portable Mindjet MindManager v8.2.319.0.exe (Trojan.Agent) -> Not selected for removal.

C:\TDSSKiller_Quarantine\22.10.2010_14.44.11\susp0000\svc0000\tsk0000.dta (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\TDSSKiller_Quarantine\22.10.2010_14.47.04\susp0000\svc0000\tsk0000.dta (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\TDSSKiller_Quarantine\22.10.2010_14.56.17\susp0000\svc0000\tsk0000.dta (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Users\Tre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3M67EG1D\zpwrlte[1].htm (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\Users\Tre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZEJT2P2\ripkeze[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Tre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZEJT2P2\ripkeze[2].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Tre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JMT8KR46\eidksa[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Tre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JMT8KR46\sjauca[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Users\Tre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5C2HSU9\gkemxszusa[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Users\Tre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5C2HSU9\sjauca[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Natnsri.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.

[MrCharlie]

Download a fresh copy of ComboFix to your desktop and see if you can run it, MrC

[wordism]

ok also I found out that MBAM always freezes in Normal Operating Mode when it is scanning this file:

C:\Windows\system32\Config\SYSTEM.log