Helpless against the viruses!

[Rills]

Hello on and off ive been doing everything i can to try to clean my computer from the virus i keep getting *blames unsafe surfing* they have begun to pile up and i cant use scans anymore scan starts and closes after 10 seconds, i cant start up a few pc games, my Firefox crash's fairly often with most sites, cant open email and lost the ability to get on most messengers. if anyone could help me i would be eternally greatful i have my DDS log and attachment if needed.

[LDTate]

Please don't attach the scans / logs, use "copy/paste".

Post the DDS scans

[Rills]

DDS (Ver_10-12-12.02) - NTFSx86

Run by Jace Stark 2 at 12:20:17.96 on Fri 12/31/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1414 [GMT -8:00]

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

svchost.exe 4

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe 4

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\WINDOWS\Explorer.EXE

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

"C:\WINDOWS\System32\svchost.exe"

"C:\WINDOWS\System32\svchost.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis

uInternet Settings,ProxyServer = http=127.0.0.1:8074

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

dRun: [Google Update] "c:\documents and settings\localservice\local settings\application data\google\update\GoogleUpdate.exe" /c

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe

StartupFolder: c:\docume~1\jacest~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

uPolicies-explorer: NoFolderOptions = 1 (0x1)

dPolicies-explorer: NoFolderOptions = 1 (0x1)

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jacest~1\applic~1\mozilla\firefox\profiles\zsz22gli.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - component: c:\documents and settings\jace stark 2\application data\mozilla\firefox\profiles\zsz22gli.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\jace stark 2\application data\mozilla\firefox\profiles\zsz22gli.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\documents and settings\jace stark 2\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}

FF - Ext: Bloody Red: {2458abc0-f443-11dd-87af-0800200c9a66} - %profile%\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}

FF - Ext: Green Fox: {d122ad80-ff45-11dd-87af-0800200c9a66} - %profile%\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}

FF - Ext: MushroomKingdom: {BF32D2C8-9C75-404b-ACF4-880DB4679236} - %profile%\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}

FF - Ext: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - %profile%\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 ahci8086;ahci8086;c:\windows\system32\drivers\ahci8086.sys [2008-8-17 119808]

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-8-17 6016]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

S3 5DE6C4AB;5DE6C4AB; [x]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-17 24652]

=============== Created Last 30 ================

2010-12-31 07:26:55 -------- d-----w- c:\program files\Pidgin

2010-12-30 20:09:42 -------- d-----w- c:\program files\Pando Networks

2010-12-30 16:58:06 -------- d-----w- c:\docume~1\jacest~1\applic~1\QuickScan

2010-12-30 16:52:43 -------- d-----w- c:\program files\Panda Security

2010-12-28 19:00:48 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-12-28 19:00:48 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-28 09:32:45 321024 ----a-w- c:\documents and settings\jace stark 2\file.exe

==================== Find3M ====================

2010-10-14 05:27:04 35332 ----a-w- c:\windows\system32\rundll32.exe.tmp

2010-10-12 22:35:57 2256 ----a-w- c:\docume~1\jacest~1\applic~1\hyghghjhjghjhj.bat

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A7FEC5]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88ec1872; SUB DWORD [EBP-0x4], 0x88ec112e; PUSH EDI; CALL 0xffffffffffffdf33; }

1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x8A659768]

3 CLASSPNP[0xBA10905B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> [0x89BEB030]

[0x89BDDF38] -> IRP_MJ_CREATE -> 0x89A7FEC5

kernel: MBR read successfully

_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; }

user != kernel MBR !!!

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 12:20:58.42 ===============

[LDTate]

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

• Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  
• Then save the file as "fixme.bat" to your Desktop
  
• In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
  

  @ECHO OFF
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
  reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable  /t REG_DWORD /d 0 /f
  reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
  netsh int ip reset resetlog.txt
  netsh winsock reset catalog

  
  

• On Windows XP you can double-click the file to run it.
  
• On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  
• This will flash a black DOS box very quickly and go away, this is normal.
  
• Restart your computer now.
  
• Launch Internet Explorer and see if you can connect to the Internet.
  
• Launch MBAM and check for Updates
  

[Rills]

Mbam sucsessfully updated and explorer works again run mbam now?

[Rills]

Mbam sucsessfully updated and explorer works again run mbam now?

Ran scan on mbam and it closed it again and blocked permission to access. i used cacls to unlock the path. it opens now but still cannot run scan

[LDTate]

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

[Rills]

at the moment its many small things searchs redirect me to other sites, it takes awhile to turn on and shut down, when i choose a profile at start screen it will freeze, scans *Malwarebytes/ Superantispyware/ Adaware/ AVG/ Avast* start scanning then will be shut after a few seconds it will then close the program and deny access to it, firefox also frequently crashs on some sites or when streaming videos. sorry its such a mess

Here is the TDSSKiller log:

2011/01/01 20:32:38.0343 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/01 20:32:38.0343 ================================================================================

2011/01/01 20:32:38.0343 SystemInfo:

2011/01/01 20:32:38.0343

2011/01/01 20:32:38.0343 OS Version: 5.1.2600 ServicePack: 2.0

2011/01/01 20:32:38.0343 Product type: Workstation

2011/01/01 20:32:38.0343 ComputerName: JKSTARK2

2011/01/01 20:32:38.0343 UserName: Jace Stark 2

2011/01/01 20:32:38.0343 Windows directory: C:\WINDOWS

2011/01/01 20:32:38.0343 System windows directory: C:\WINDOWS

2011/01/01 20:32:38.0343 Processor architecture: Intel x86

2011/01/01 20:32:38.0343 Number of processors: 2

2011/01/01 20:32:38.0343 Page size: 0x1000

2011/01/01 20:32:38.0343 Boot type: Normal boot

2011/01/01 20:32:38.0343 ================================================================================

2011/01/01 20:32:38.0531 Initialize success

2011/01/01 20:33:03.0890 ================================================================================

2011/01/01 20:33:03.0890 Scan started

2011/01/01 20:33:03.0890 Mode: Manual;

2011/01/01 20:33:03.0890 ================================================================================

2011/01/01 20:33:04.0687 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/01 20:33:04.0750 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/01 20:33:04.0796 ADIHdAudAddService (3637d692b25a842fb4bb7ea75b39184f) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2011/01/01 20:33:04.0875 AEAudio (e8694fc1dac061ad989506b470552415) C:\WINDOWS\system32\drivers\AEAudio.sys

2011/01/01 20:33:04.0937 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/01/01 20:33:05.0000 AFD (658be0b78efea1b253d2dd02ccd6e1ce) C:\WINDOWS\System32\drivers\afd.sys

2011/01/01 20:33:05.0000 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 658be0b78efea1b253d2dd02ccd6e1ce, Fake md5: 839f801247d0d1927ed8c26ea6bef77a

2011/01/01 20:33:05.0000 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/01/01 20:33:05.0109 ahci8086 (3162702a838386f7bc6f6b4711044cf2) C:\WINDOWS\system32\DRIVERS\ahci8086.sys

2011/01/01 20:33:05.0281 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/01 20:33:05.0390 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys

2011/01/01 20:33:05.0468 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/01 20:33:05.0484 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/01 20:33:05.0656 ati2mtag (81c3e6674d0609aa84c07681bca252de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/01/01 20:33:05.0718 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/01 20:33:05.0750 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/01 20:33:05.0796 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2011/01/01 20:33:05.0796 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2011/01/01 20:33:05.0859 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/01/01 20:33:05.0921 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/01/01 20:33:06.0000 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/01/01 20:33:06.0031 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/01/01 20:33:06.0078 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/01/01 20:33:06.0093 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/01/01 20:33:06.0140 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/01/01 20:33:06.0171 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/01/01 20:33:06.0234 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/01 20:33:06.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/01 20:33:06.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/01 20:33:06.0359 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/01 20:33:06.0421 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/01 20:33:06.0625 Suspicious service (NoAccess): demxii

2011/01/01 20:33:06.0687 demxii (20aa6e9783731344e08aa3af92a2d1b8) C:\WINDOWS\system32\drivers\demxii.sys

2011/01/01 20:33:06.0687 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\demxii.sys. md5: 20aa6e9783731344e08aa3af92a2d1b8

2011/01/01 20:33:06.0703 demxii - detected Locked service (1)

2011/01/01 20:33:06.0734 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/01 20:33:06.0796 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/01 20:33:06.0843 dmio (01b32f435e3507e72851b7411a779258) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/01 20:33:06.0843 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 01b32f435e3507e72851b7411a779258, Fake md5: 18d650f98ffdfdd1d8a4922de1d3ed9b

2011/01/01 20:33:06.0859 dmio - detected Forged file (1)

2011/01/01 20:33:06.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/01 20:33:06.0937 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/01 20:33:07.0015 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/01 20:33:07.0062 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/01 20:33:07.0093 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/01/01 20:33:07.0109 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/01 20:33:07.0140 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/01/01 20:33:07.0171 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/01/01 20:33:07.0218 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/01 20:33:07.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/01 20:33:07.0265 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/01 20:33:07.0312 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/01/01 20:33:07.0390 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/01 20:33:07.0531 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/01 20:33:07.0625 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/01 20:33:07.0656 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/01 20:33:07.0734 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/01/01 20:33:07.0765 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/01 20:33:07.0796 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/01 20:33:07.0828 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/01 20:33:07.0859 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/01 20:33:07.0890 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/01 20:33:07.0921 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/01 20:33:07.0937 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/01 20:33:07.0953 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/01/01 20:33:08.0000 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/01 20:33:08.0031 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/01 20:33:08.0140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/01 20:33:08.0171 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/01 20:33:08.0187 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/01 20:33:08.0218 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/01 20:33:08.0234 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/01 20:33:08.0296 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/01 20:33:08.0343 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/01 20:33:08.0421 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/01 20:33:08.0453 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/01 20:33:08.0468 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/01 20:33:08.0484 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/01 20:33:08.0515 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/01 20:33:08.0562 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/01/01 20:33:08.0578 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/01 20:33:08.0609 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/01 20:33:08.0687 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/01 20:33:08.0718 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/01 20:33:08.0734 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/01 20:33:08.0781 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/01 20:33:08.0796 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/01 20:33:08.0812 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/01 20:33:08.0859 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/01 20:33:08.0890 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/01 20:33:08.0937 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/01 20:33:09.0000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/01 20:33:09.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/01 20:33:09.0062 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/01 20:33:09.0093 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/01 20:33:09.0140 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

2011/01/01 20:33:09.0171 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/01 20:33:09.0218 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/01 20:33:09.0234 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/01 20:33:09.0281 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/01 20:33:09.0328 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/01/01 20:33:09.0625 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/01 20:33:09.0671 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/01/01 20:33:09.0687 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/01 20:33:09.0750 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/01 20:33:09.0781 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/01 20:33:09.0968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/01 20:33:09.0984 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/01 20:33:10.0015 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/01 20:33:10.0046 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/01 20:33:10.0062 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/01 20:33:10.0093 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/01 20:33:10.0125 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/01 20:33:10.0187 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/01 20:33:10.0234 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/01 20:33:10.0296 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/01 20:33:10.0375 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys

2011/01/01 20:33:10.0437 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/01 20:33:10.0453 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/01 20:33:10.0468 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/01/01 20:33:10.0593 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/01 20:33:10.0640 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/01 20:33:10.0718 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/01 20:33:10.0796 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/01 20:33:10.0812 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/01 20:33:10.0937 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/01 20:33:10.0984 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/01 20:33:11.0046 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/01 20:33:11.0062 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/01 20:33:11.0109 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/01 20:33:11.0203 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/01 20:33:11.0312 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/01 20:33:11.0375 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/01 20:33:11.0390 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/01 20:33:11.0406 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/01 20:33:11.0437 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/01/01 20:33:11.0484 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/01 20:33:11.0531 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/01 20:33:11.0546 Suspicious service (NoAccess): vbmab64d

2011/01/01 20:33:11.0578 vbmab64d (2238b0a45fdcff73dfa5d47c4e59a692) C:\WINDOWS\system32\drivers\vbmab64d.sys

2011/01/01 20:33:11.0593 vbmab64d - detected Locked service (1)

2011/01/01 20:33:11.0640 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/01/01 20:33:11.0718 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS

2011/01/01 20:33:11.0750 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys

2011/01/01 20:33:11.0765 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/01 20:33:11.0843 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/01 20:33:11.0906 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/01 20:33:12.0031 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

2011/01/01 20:33:12.0078 \HardDisk0 - detected Trojan-Clicker.Win32.Wistler.a (0)

2011/01/01 20:33:12.0078 ================================================================================

2011/01/01 20:33:12.0078 Scan finished

2011/01/01 20:33:12.0078 ================================================================================

2011/01/01 20:33:12.0125 Detected object count: 5

2011/01/01 20:33:58.0609 AFD (658be0b78efea1b253d2dd02ccd6e1ce) C:\WINDOWS\System32\drivers\afd.sys

2011/01/01 20:33:58.0609 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 658be0b78efea1b253d2dd02ccd6e1ce, Fake md5: 839f801247d0d1927ed8c26ea6bef77a

2011/01/01 20:34:00.0187 Backup copy found, using it..

2011/01/01 20:34:00.0203 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot

2011/01/01 20:34:00.0203 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure

2011/01/01 20:34:00.0203 Locked service(demxii) - User select action: Skip

2011/01/01 20:34:00.0203 Forged file(dmio) - User select action: Skip

2011/01/01 20:34:00.0203 Locked service(vbmab64d) - User select action: Skip

2011/01/01 20:34:00.0265 \HardDisk0 - will be cured after reboot

2011/01/01 20:34:00.0265 Trojan-Clicker.Win32.Wistler.a(\HardDisk0) - User select action: Cure

2011/01/01 20:34:13.0312 Deinitialize success

[Rills]

when i choose a profile at start screen it will SOMETIMES freeze i just turn it off and try again

[LDTate]

Run TDSSKiller again. We need to be sure the RootKit is gone.

[Rills]

yea i ran it again it is finding 3 threats but they are under suspisious and the default is skip so i did not cure them. here is the log after i ran it again

2011/01/02 10:27:38.0484 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/02 10:27:38.0484 ================================================================================

2011/01/02 10:27:38.0484 SystemInfo:

2011/01/02 10:27:38.0484

2011/01/02 10:27:38.0484 OS Version: 5.1.2600 ServicePack: 2.0

2011/01/02 10:27:38.0484 Product type: Workstation

2011/01/02 10:27:38.0484 ComputerName: JKSTARK2

2011/01/02 10:27:38.0500 UserName: Jace Stark 2

2011/01/02 10:27:38.0500 Windows directory: C:\WINDOWS

2011/01/02 10:27:38.0500 System windows directory: C:\WINDOWS

2011/01/02 10:27:38.0500 Processor architecture: Intel x86

2011/01/02 10:27:38.0500 Number of processors: 2

2011/01/02 10:27:38.0500 Page size: 0x1000

2011/01/02 10:27:38.0500 Boot type: Normal boot

2011/01/02 10:27:38.0500 ================================================================================

2011/01/02 10:27:38.0609 Initialize success

2011/01/02 10:27:41.0984 ================================================================================

2011/01/02 10:27:41.0984 Scan started

2011/01/02 10:27:41.0984 Mode: Manual;

2011/01/02 10:27:41.0984 ================================================================================

2011/01/02 10:27:43.0062 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/02 10:27:43.0125 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/02 10:27:43.0171 ADIHdAudAddService (3637d692b25a842fb4bb7ea75b39184f) C:\WINDOWS\system32\drivers\ADIHdAud.sys

2011/01/02 10:27:43.0265 AEAudio (e8694fc1dac061ad989506b470552415) C:\WINDOWS\system32\drivers\AEAudio.sys

2011/01/02 10:27:43.0328 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/01/02 10:27:43.0390 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2011/01/02 10:27:43.0468 ahci8086 (3162702a838386f7bc6f6b4711044cf2) C:\WINDOWS\system32\DRIVERS\ahci8086.sys

2011/01/02 10:27:43.0656 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/02 10:27:43.0781 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys

2011/01/02 10:27:43.0828 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/02 10:27:43.0859 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/02 10:27:44.0062 ati2mtag (81c3e6674d0609aa84c07681bca252de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/01/02 10:27:44.0125 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/02 10:27:44.0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/02 10:27:44.0218 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2011/01/02 10:27:44.0218 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2011/01/02 10:27:44.0296 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/01/02 10:27:44.0421 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/01/02 10:27:44.0734 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/01/02 10:27:44.0953 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/01/02 10:27:45.0031 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/01/02 10:27:45.0062 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/01/02 10:27:45.0109 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/01/02 10:27:45.0171 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/01/02 10:27:45.0234 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/02 10:27:45.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/02 10:27:45.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/02 10:27:45.0406 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/02 10:27:45.0468 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/02 10:27:45.0640 Suspicious service (NoAccess): demxii

2011/01/02 10:27:45.0718 demxii (20aa6e9783731344e08aa3af92a2d1b8) C:\WINDOWS\system32\drivers\demxii.sys

2011/01/02 10:27:45.0718 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\demxii.sys. md5: 20aa6e9783731344e08aa3af92a2d1b8

2011/01/02 10:27:45.0718 demxii - detected Locked service (1)

2011/01/02 10:27:45.0765 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/02 10:27:45.0812 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/02 10:27:45.0859 dmio (01b32f435e3507e72851b7411a779258) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/02 10:27:45.0859 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 01b32f435e3507e72851b7411a779258, Fake md5: 18d650f98ffdfdd1d8a4922de1d3ed9b

2011/01/02 10:27:45.0859 dmio - detected Forged file (1)

2011/01/02 10:27:45.0890 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/02 10:27:45.0953 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/02 10:27:46.0031 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/02 10:27:46.0062 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/02 10:27:46.0109 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/01/02 10:27:46.0125 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/02 10:27:46.0171 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/01/02 10:27:46.0218 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/01/02 10:27:46.0265 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/02 10:27:46.0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/02 10:27:46.0343 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/02 10:27:46.0390 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/01/02 10:27:46.0437 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/02 10:27:46.0531 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/02 10:27:46.0640 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/02 10:27:46.0671 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/02 10:27:46.0765 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/01/02 10:27:46.0812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/02 10:27:46.0859 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/02 10:27:46.0890 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/02 10:27:46.0921 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/02 10:27:46.0953 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/02 10:27:47.0000 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/02 10:27:47.0031 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/02 10:27:47.0078 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/01/02 10:27:47.0140 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/02 10:27:47.0171 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/02 10:27:47.0296 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011/01/02 10:27:47.0359 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/02 10:27:47.0421 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/02 10:27:47.0468 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/02 10:27:47.0515 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/02 10:27:47.0531 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/02 10:27:47.0593 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/02 10:27:47.0640 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/02 10:27:47.0671 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/02 10:27:47.0703 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/02 10:27:47.0750 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/02 10:27:47.0765 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/02 10:27:47.0812 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/02 10:27:47.0859 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/01/02 10:27:47.0906 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/02 10:27:47.0984 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/02 10:27:48.0046 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/02 10:27:48.0109 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/02 10:27:48.0156 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/02 10:27:48.0187 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/02 10:27:48.0218 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/02 10:27:48.0281 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/02 10:27:48.0375 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/02 10:27:48.0406 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/02 10:27:48.0468 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/02 10:27:48.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/02 10:27:48.0562 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/02 10:27:48.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/02 10:27:48.0640 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/02 10:27:48.0687 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

2011/01/02 10:27:48.0703 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/02 10:27:48.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/02 10:27:48.0796 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/02 10:27:48.0843 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/02 10:27:48.0890 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/01/02 10:27:49.0109 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/02 10:27:49.0171 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/01/02 10:27:49.0203 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/02 10:27:49.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/02 10:27:49.0296 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/02 10:27:49.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/02 10:27:49.0687 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/02 10:27:49.0718 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/02 10:27:49.0781 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/02 10:27:49.0843 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/02 10:27:49.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/02 10:27:49.0937 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/02 10:27:50.0000 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/02 10:27:50.0031 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/02 10:27:50.0125 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/02 10:27:50.0203 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys

2011/01/02 10:27:50.0234 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/02 10:27:50.0265 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/02 10:27:50.0296 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/01/02 10:27:50.0453 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/02 10:27:50.0500 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/02 10:27:50.0609 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/02 10:27:51.0250 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/02 10:27:51.0281 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/02 10:27:51.0437 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/02 10:27:51.0500 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/02 10:27:51.0562 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/02 10:27:51.0609 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/02 10:27:51.0671 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/02 10:27:51.0765 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/02 10:27:51.0859 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/02 10:27:51.0921 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/02 10:27:51.0953 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/02 10:27:51.0984 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/02 10:27:52.0031 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/01/02 10:27:52.0078 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/02 10:27:52.0140 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/02 10:27:52.0156 Suspicious service (NoAccess): vbmab64d

2011/01/02 10:27:52.0187 vbmab64d (2238b0a45fdcff73dfa5d47c4e59a692) C:\WINDOWS\system32\drivers\vbmab64d.sys

2011/01/02 10:27:52.0203 vbmab64d - detected Locked service (1)

2011/01/02 10:27:52.0250 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/01/02 10:27:52.0343 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS

2011/01/02 10:27:52.0390 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys

2011/01/02 10:27:52.0421 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/02 10:27:52.0484 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/02 10:27:52.0562 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/02 10:27:52.0671 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

2011/01/02 10:27:52.0796 ================================================================================

2011/01/02 10:27:52.0796 Scan finished

2011/01/02 10:27:52.0796 ================================================================================

2011/01/02 10:27:52.0812 Detected object count: 3

2011/01/02 10:27:58.0203 Locked service(demxii) - User select action: Skip

2011/01/02 10:27:58.0203 Forged file(dmio) - User select action: Skip

2011/01/02 10:27:58.0203 Locked service(vbmab64d) - User select action: Skip

[LDTate]

2011/01/02 10:27:58.0203 Locked service(demxii) - User select action: Skip

2011/01/02 10:27:58.0203 Forged file(dmio) - User select action: Skip

2011/01/02 10:27:58.0203 Locked service(vbmab64d) - User select action: Skip

Run again and delete those 3

[Rills]

IT worked malwarebytes is able to scan now

[LDTate]

Did MBAM find anything?

[Rills]

yes it found 5 infected objects. here is the log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5437

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

1/2/2011 6:19:57 PM

mbam-log-2011-01-02 (18-19-57).txt

Scan type: Full scan (C:\|)

Objects scanned: 244263

Time elapsed: 34 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\jace stark 2\file.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\jace stark 2\application data\hyghghjhjghjhj.bat (Malware.Trace) -> Quarantined and deleted successfully.

[LDTate]

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Double click on ComboFix.exe & follow the prompts.
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  Note: If you have SP3, use the SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[Rills]

i downloaded combofix and began to run it after turning off AVG resident shield but it told me that AVG antivirus would stop its process and to uninstall it. i then attempted to but the uninstall process for AVG gave me a error saying

"Error code 0xc0070643

the Windows installer service could not be accessed. this can occur if you are running Windows in safe mode, or if the windows installer is not correctly installed. contact your support personnel for assistance."

[LDTate]

Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix.

AVG > AVG Removal Tool (x86) - AVG Removal Tool (x64)

AVG Identity Protection > AVGIDPUninstaller

[Rills]

i ran the programs in sequence but it wont go the avgremoverc64 wont run it says it is not a valid win32 application

[LDTate]

You're not running 64 bit.

Will combof ix run now?

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!