"windows cannot access the specified device, path of file

[ihateviruses2009]

ok here goes.

I've TRIED to do all that stuff from the "I'm infected - What do I do now?" bit.

I might as well add this if it helps? I kinda think you need to know.

failed on Malwarebytes' Anti-Malware, obviously.

DeFogger - Disable was a sucess.

DDS worked

GMER Rootkit Scanner, did the special unchecking, went to hit scan, disapeared. tried to open it again and got the 'windows cannot access the specified... blah blah

OK I hope i've done this right hehee

[ihateviruses2009]

i couldn'v sworn i attatched the file. ah nevermind.

Attatch.zip

[ihateviruses2009]

anyone? thanks

[ihateviruses2009]

I'm defeiently getting shunned here.

[D-FRED-BROWN]

Hello ihateviruses2009 and welcome to Malwarebytes!

I apologize for the delay, however it is important that you do NOT bump your topic, as it causes confusion and makes it appear as if you are already receiving help.

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download maxhandle.exe by noahdfear to your desktop

• Double click and run the application
  
• An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  
• Log is saved to c:\maxhandle.txt
  
• If Max++ is not found Nothing found! is echoed to the screen - no log is produced.
  

Please post the results for my review

-------------

XP

You must first verify that you can logon to the Windows Recovery Console.

To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console

Now, go back to Normal Mode.

Next, please download maxlook, saving the file to your Desktop.

Double click maxlook.exe to run it. Note - you must run it only once!

As instructed when the tool runs, restart the computer and logon to the Recovery Console.

Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat

You will see 1 file copied many times then return to the x:\windows> prompt.

Type Exit to restart your computer then logon in normal mode.

Please run maxlook.exe again now. Note - you must run it only once!

It will produce looklog.txt on the desktop and open it.

Please post the results here.

-------------

Please download to your Desktop:

• TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

• Click on the Start Scan button and wait for the scan and disinfection process to be over.
  
• If an infected file is detected, the default action will be Cure, click on Continue
  
• If a suspicious file is detected, the default action will be Skip, click on Continue
  
• If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  
• If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
  

In your next reply, please include the following (you may need to use two posts to get it all in):

• TDSSKiller_log.txt

how the PC is running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
In your next reply, please include:

• Maxhandle log (if one is created)
  
• Maxlook looklog.txt
  
• TDSSKiller log
  
• C:\ComboFix.txt

How is your computer running now?

[ihateviruses2009]

couldn't find a maxhandle log but other one I got

Run from C:\Documents and Settings\mike\My Documents\Downloads\maxhandle.exe on 22/07/2011 at 17:41:30.70

Command line: "\\.\globalroot\Device\svchost.exe\svchost.exe"

TDSSKiller:

2011/07/23 00:16:12.0640 3476 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/23 00:16:14.0656 3476 ================================================================================

2011/07/23 00:16:14.0656 3476 SystemInfo:

2011/07/23 00:16:14.0656 3476

2011/07/23 00:16:14.0656 3476 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/23 00:16:14.0656 3476 Product type: Workstation

2011/07/23 00:16:14.0656 3476 ComputerName: MIKE-6692D281E8

2011/07/23 00:16:14.0656 3476 UserName: mike

2011/07/23 00:16:14.0656 3476 Windows directory: C:\WINDOWS

2011/07/23 00:16:14.0656 3476 System windows directory: C:\WINDOWS

2011/07/23 00:16:14.0656 3476 Processor architecture: Intel x86

2011/07/23 00:16:14.0656 3476 Number of processors: 4

2011/07/23 00:16:14.0656 3476 Page size: 0x1000

2011/07/23 00:16:14.0656 3476 Boot type: Normal boot

2011/07/23 00:16:14.0656 3476 ================================================================================

2011/07/23 00:16:15.0484 3476 Initialize success

2011/07/23 00:16:25.0734 2592 ================================================================================

2011/07/23 00:16:25.0734 2592 Scan started

2011/07/23 00:16:25.0734 2592 Mode: Manual;

2011/07/23 00:16:25.0734 2592 ================================================================================

2011/07/23 00:16:26.0093 2592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/23 00:16:26.0140 2592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/23 00:16:26.0187 2592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/23 00:16:26.0203 2592 AegisP (4b66e250c94c92522c33a759d5d273cb) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/07/23 00:16:26.0234 2592 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/23 00:16:26.0343 2592 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

2011/07/23 00:16:26.0421 2592 AppleCharger (f0a48ce44d3f368990ca8954340bd9a0) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys

2011/07/23 00:16:26.0515 2592 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys

2011/07/23 00:16:26.0515 2592 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys

2011/07/23 00:16:26.0546 2592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/23 00:16:26.0578 2592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/23 00:16:26.0625 2592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/23 00:16:26.0656 2592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/23 00:16:26.0687 2592 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/07/23 00:16:26.0718 2592 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/07/23 00:16:26.0734 2592 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/07/23 00:16:26.0750 2592 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/07/23 00:16:26.0781 2592 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/07/23 00:16:26.0796 2592 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/07/23 00:16:26.0812 2592 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/07/23 00:16:26.0828 2592 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/07/23 00:16:26.0843 2592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/23 00:16:26.0875 2592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/23 00:16:26.0921 2592 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/23 00:16:26.0937 2592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/23 00:16:26.0968 2592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/23 00:16:26.0984 2592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/23 00:16:27.0062 2592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/23 00:16:27.0109 2592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/23 00:16:27.0156 2592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/23 00:16:27.0171 2592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/23 00:16:27.0203 2592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/23 00:16:27.0265 2592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/23 00:16:27.0296 2592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/23 00:16:27.0312 2592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/23 00:16:27.0328 2592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/23 00:16:27.0343 2592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/23 00:16:27.0375 2592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/07/23 00:16:27.0390 2592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/23 00:16:27.0437 2592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/23 00:16:27.0453 2592 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys

2011/07/23 00:16:27.0484 2592 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/23 00:16:27.0500 2592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/23 00:16:27.0531 2592 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/23 00:16:27.0562 2592 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/23 00:16:27.0593 2592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/23 00:16:27.0671 2592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/23 00:16:27.0687 2592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/23 00:16:27.0875 2592 IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/23 00:16:27.0953 2592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/23 00:16:27.0968 2592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/07/23 00:16:27.0984 2592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/23 00:16:28.0000 2592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/23 00:16:28.0031 2592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/23 00:16:28.0046 2592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/23 00:16:28.0078 2592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/23 00:16:28.0093 2592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/23 00:16:28.0109 2592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/23 00:16:28.0140 2592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/23 00:16:28.0156 2592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/23 00:16:28.0171 2592 L1c (96478fe91c5a37c673ebe3da87c1a115) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

2011/07/23 00:16:28.0203 2592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/23 00:16:28.0234 2592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/23 00:16:28.0281 2592 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

2011/07/23 00:16:28.0328 2592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/23 00:16:28.0343 2592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/23 00:16:28.0390 2592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/23 00:16:28.0453 2592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/23 00:16:28.0500 2592 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/23 00:16:28.0531 2592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/23 00:16:28.0593 2592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/23 00:16:28.0625 2592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/23 00:16:28.0640 2592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/23 00:16:28.0671 2592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/23 00:16:28.0703 2592 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/07/23 00:16:28.0718 2592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/23 00:16:28.0781 2592 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/07/23 00:16:28.0812 2592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/23 00:16:28.0828 2592 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/07/23 00:16:28.0843 2592 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/23 00:16:28.0875 2592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/23 00:16:28.0906 2592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/23 00:16:28.0921 2592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/23 00:16:28.0937 2592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/23 00:16:28.0953 2592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/23 00:16:28.0984 2592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/23 00:16:29.0000 2592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/23 00:16:29.0031 2592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/23 00:16:29.0296 2592 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/23 00:16:29.0578 2592 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys

2011/07/23 00:16:29.0609 2592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/23 00:16:29.0625 2592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/23 00:16:29.0671 2592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/23 00:16:29.0671 2592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/23 00:16:29.0703 2592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/23 00:16:29.0734 2592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/23 00:16:29.0765 2592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/23 00:16:29.0796 2592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/23 00:16:29.0890 2592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/23 00:16:29.0906 2592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/23 00:16:29.0921 2592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/23 00:16:29.0937 2592 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/23 00:16:30.0000 2592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/23 00:16:30.0031 2592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/23 00:16:30.0031 2592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/23 00:16:30.0046 2592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/23 00:16:30.0062 2592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/23 00:16:30.0078 2592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/23 00:16:30.0125 2592 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/23 00:16:30.0156 2592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/23 00:16:30.0171 2592 rseb (c4c147291504d96ab81f5f793e0e9a69) C:\WINDOWS\system32\drivers\rseb.sys

2011/07/23 00:16:30.0203 2592 RT2500 (aa976b567c3a04ea29a7f3e93920af59) C:\WINDOWS\system32\DRIVERS\RT2500.sys

2011/07/23 00:16:30.0234 2592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/23 00:16:30.0281 2592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/23 00:16:30.0296 2592 Serial (2b2acd13f2426708789b8dc2043ad103) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/23 00:16:30.0312 2592 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 2b2acd13f2426708789b8dc2043ad103, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7

2011/07/23 00:16:30.0312 2592 Serial - detected ForgedFile.Multi.Generic (1)

2011/07/23 00:16:30.0328 2592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/23 00:16:30.0375 2592 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/23 00:16:30.0437 2592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/23 00:16:30.0468 2592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/23 00:16:30.0500 2592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/23 00:16:30.0531 2592 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/23 00:16:30.0578 2592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/23 00:16:30.0593 2592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/23 00:16:30.0656 2592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/23 00:16:30.0703 2592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/23 00:16:30.0734 2592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/23 00:16:30.0765 2592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/23 00:16:30.0765 2592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/23 00:16:30.0828 2592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/23 00:16:30.0890 2592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/23 00:16:30.0968 2592 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/23 00:16:31.0000 2592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/23 00:16:31.0015 2592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/23 00:16:31.0046 2592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/23 00:16:31.0078 2592 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/23 00:16:31.0093 2592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/23 00:16:31.0125 2592 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys

2011/07/23 00:16:31.0156 2592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/23 00:16:31.0171 2592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/23 00:16:31.0218 2592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/23 00:16:31.0265 2592 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/07/23 00:16:31.0328 2592 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/23 00:16:31.0375 2592 WudfPf (1903ffcf876720d9bc3432f0c64559e9) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/23 00:16:31.0390 2592 WudfRd (7fda30836fa3a5e52d16a09c686f9c2b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/23 00:16:31.0437 2592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/23 00:16:31.0515 2592 Boot (0x1200) (d03892a87bcf028fa15406fb5614990c) \Device\Harddisk0\DR0\Partition0

2011/07/23 00:16:31.0531 2592 ================================================================================

2011/07/23 00:16:31.0531 2592 Scan finished

2011/07/23 00:16:31.0531 2592 ================================================================================

2011/07/23 00:16:31.0531 0108 Detected object count: 1

2011/07/23 00:16:31.0531 0108 Actual detected object count: 1

2011/07/23 00:17:05.0906 0108 ForgedFile.Multi.Generic(Serial) - User select action: Skip

2011/07/23 00:17:13.0812 3760 ================================================================================

2011/07/23 00:17:13.0812 3760 Scan started

2011/07/23 00:17:13.0812 3760 Mode: Manual;

2011/07/23 00:17:13.0812 3760 ================================================================================

2011/07/23 00:17:14.0015 3760 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/23 00:17:14.0046 3760 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/23 00:17:14.0093 3760 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/23 00:17:14.0140 3760 AegisP (4b66e250c94c92522c33a759d5d273cb) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/07/23 00:17:14.0171 3760 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/23 00:17:14.0281 3760 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

2011/07/23 00:17:14.0312 3760 AppleCharger (f0a48ce44d3f368990ca8954340bd9a0) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys

2011/07/23 00:17:14.0375 3760 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys

2011/07/23 00:17:14.0406 3760 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys

2011/07/23 00:17:14.0421 3760 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/23 00:17:14.0453 3760 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/23 00:17:14.0468 3760 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/23 00:17:14.0500 3760 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/23 00:17:14.0531 3760 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/07/23 00:17:14.0546 3760 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/07/23 00:17:14.0562 3760 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/07/23 00:17:14.0562 3760 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/07/23 00:17:14.0593 3760 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/07/23 00:17:14.0609 3760 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/07/23 00:17:14.0609 3760 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/07/23 00:17:14.0640 3760 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/07/23 00:17:14.0671 3760 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/23 00:17:14.0718 3760 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/23 00:17:14.0734 3760 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/23 00:17:14.0765 3760 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/23 00:17:14.0796 3760 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/23 00:17:14.0828 3760 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/23 00:17:14.0906 3760 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/23 00:17:14.0937 3760 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/23 00:17:14.0968 3760 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/23 00:17:14.0984 3760 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/23 00:17:15.0015 3760 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/23 00:17:15.0062 3760 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/23 00:17:15.0093 3760 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/23 00:17:15.0109 3760 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/23 00:17:15.0125 3760 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/23 00:17:15.0140 3760 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/23 00:17:15.0156 3760 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/07/23 00:17:15.0171 3760 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/23 00:17:15.0187 3760 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/23 00:17:15.0218 3760 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys

2011/07/23 00:17:15.0250 3760 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/23 00:17:15.0265 3760 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/23 00:17:15.0296 3760 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/23 00:17:15.0328 3760 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/23 00:17:15.0359 3760 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/23 00:17:15.0421 3760 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/23 00:17:15.0453 3760 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/23 00:17:15.0625 3760 IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/23 00:17:15.0687 3760 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/23 00:17:15.0703 3760 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/07/23 00:17:15.0734 3760 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/23 00:17:15.0734 3760 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/23 00:17:15.0765 3760 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/23 00:17:15.0781 3760 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/23 00:17:15.0796 3760 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/23 00:17:15.0828 3760 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/23 00:17:15.0859 3760 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/23 00:17:15.0890 3760 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/23 00:17:15.0906 3760 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/23 00:17:15.0921 3760 L1c (96478fe91c5a37c673ebe3da87c1a115) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

2011/07/23 00:17:15.0968 3760 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/23 00:17:15.0984 3760 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/23 00:17:16.0031 3760 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

2011/07/23 00:17:16.0078 3760 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/23 00:17:16.0093 3760 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/23 00:17:16.0109 3760 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/23 00:17:16.0140 3760 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/23 00:17:16.0156 3760 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/23 00:17:16.0187 3760 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/23 00:17:16.0218 3760 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/23 00:17:16.0234 3760 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/23 00:17:16.0265 3760 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/23 00:17:16.0281 3760 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/23 00:17:16.0328 3760 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/07/23 00:17:16.0359 3760 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/23 00:17:16.0390 3760 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/07/23 00:17:16.0406 3760 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/23 00:17:16.0437 3760 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/07/23 00:17:16.0453 3760 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/23 00:17:16.0484 3760 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/23 00:17:16.0500 3760 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/23 00:17:16.0515 3760 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/23 00:17:16.0531 3760 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/23 00:17:16.0546 3760 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/23 00:17:16.0593 3760 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/23 00:17:16.0609 3760 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/23 00:17:16.0625 3760 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/23 00:17:16.0890 3760 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/23 00:17:16.0968 3760 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys

2011/07/23 00:17:16.0984 3760 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/23 00:17:17.0000 3760 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/23 00:17:17.0031 3760 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/23 00:17:17.0046 3760 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/23 00:17:17.0062 3760 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/23 00:17:17.0093 3760 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/23 00:17:17.0140 3760 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/23 00:17:17.0171 3760 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/23 00:17:17.0250 3760 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/23 00:17:17.0265 3760 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/23 00:17:17.0281 3760 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/23 00:17:17.0296 3760 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/23 00:17:17.0359 3760 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/23 00:17:17.0375 3760 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/23 00:17:17.0390 3760 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/23 00:17:17.0406 3760 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/23 00:17:17.0453 3760 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/23 00:17:17.0468 3760 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/23 00:17:17.0515 3760 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/23 00:17:17.0546 3760 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/23 00:17:17.0562 3760 rseb (c4c147291504d96ab81f5f793e0e9a69) C:\WINDOWS\system32\drivers\rseb.sys

2011/07/23 00:17:17.0593 3760 RT2500 (aa976b567c3a04ea29a7f3e93920af59) C:\WINDOWS\system32\DRIVERS\RT2500.sys

2011/07/23 00:17:17.0625 3760 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/23 00:17:17.0640 3760 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/23 00:17:17.0656 3760 Serial (2b2acd13f2426708789b8dc2043ad103) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/23 00:17:17.0656 3760 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 2b2acd13f2426708789b8dc2043ad103, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7

2011/07/23 00:17:17.0656 3760 Serial - detected ForgedFile.Multi.Generic (1)

2011/07/23 00:17:17.0687 3760 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/23 00:17:17.0734 3760 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/23 00:17:17.0781 3760 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/23 00:17:17.0812 3760 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/23 00:17:17.0859 3760 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/23 00:17:17.0890 3760 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/23 00:17:17.0906 3760 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/23 00:17:17.0937 3760 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/23 00:17:17.0984 3760 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/23 00:17:18.0015 3760 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/23 00:17:18.0046 3760 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/23 00:17:18.0062 3760 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/23 00:17:18.0078 3760 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/23 00:17:18.0140 3760 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/23 00:17:18.0203 3760 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/23 00:17:18.0234 3760 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/23 00:17:18.0265 3760 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/23 00:17:18.0281 3760 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/23 00:17:18.0312 3760 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/23 00:17:18.0343 3760 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/23 00:17:18.0375 3760 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/23 00:17:18.0421 3760 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys

2011/07/23 00:17:18.0453 3760 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/23 00:17:18.0468 3760 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/23 00:17:18.0500 3760 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/23 00:17:18.0578 3760 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/07/23 00:17:18.0625 3760 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/23 00:17:18.0687 3760 WudfPf (1903ffcf876720d9bc3432f0c64559e9) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/23 00:17:18.0734 3760 WudfRd (7fda30836fa3a5e52d16a09c686f9c2b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/23 00:17:18.0765 3760 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/23 00:17:18.0843 3760 Boot (0x1200) (d03892a87bcf028fa15406fb5614990c) \Device\Harddisk0\DR0\Partition0

2011/07/23 00:17:18.0843 3760 ================================================================================

2011/07/23 00:17:18.0843 3760 Scan finished

2011/07/23 00:17:18.0843 3760 ================================================================================

2011/07/23 00:17:18.0859 2060 Detected object count: 1

2011/07/23 00:17:18.0859 2060 Actual detected object count: 1

2011/07/23 00:17:56.0031 2060 ForgedFile.Multi.Generic(Serial) - User select action: Skip

as for combo fit - I got some mad bleeping from the computer with a message saying it found anti virus running along side and I had to disable it. avg infact. Well I couldn't seem to tempory disable avg2011. I did what the website said but after clicking OK I got a "An error occured when saving the configuration. connection is offline"

So I haven't done this combofix yet

As for how is the computer running now. Well I'm still getting website re-directs to pages I didn't ask for. + anti malware bytes is still not loading and giving me the "windows cannot acress the specified device, path or file. you may not have the appropiate permissions to access the item."

[ihateviruses2009]

sorry I did find this looklog thing..

Run from C:\Documents and Settings\mike\Desktop\maxlook.exe on 23/07/2011 at 0:10:07.34

No infected file found

I don't know how to edit posts sorry for adding a new reply

[D-FRED-BROWN]

Could you please re-run TDSSKiller, and choose "Cure" instead of "Skip"- we need those files fixed

as for combo fit - I got some mad bleeping from the computer with a message saying it found anti virus running along side and I had to disable it. avg infact. Well I couldn't seem to tempory disable avg2011. I did what the website said but after clicking OK I got a "An error occured when saving the configuration. connection is offline"

So I haven't done this combofix yet

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Once in Safe Mode, go ahead and run ComboFix

[ihateviruses2009]

hi. Ok well I ran TDSSKiller again. I couldn't see 'cure' in the pulldown. I did 'delete' and it said cured afterwards ?

I went into safemode (the normal one not the safemode and networking) and combofixer still said the same thing about avg but I want ahead anyway. after a couple of minutes I got a message. I don't have a full quote sorry as I couldn't copy it but I wrote down a little on paper. it said it had found rootkit zero access inserteted into the TCP/IP stack.

[D-FRED-BROWN]

Can you go ahead and post the log it created?

[ihateviruses2009]

2011/07/24 01:08:40.0093 3716 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/24 01:08:40.0390 3716 ================================================================================

2011/07/24 01:08:40.0390 3716 SystemInfo:

2011/07/24 01:08:40.0390 3716

2011/07/24 01:08:40.0390 3716 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/24 01:08:40.0390 3716 Product type: Workstation

2011/07/24 01:08:40.0390 3716 ComputerName: MIKE-6692D281E8

2011/07/24 01:08:40.0390 3716 UserName: mike

2011/07/24 01:08:40.0390 3716 Windows directory: C:\WINDOWS

2011/07/24 01:08:40.0390 3716 System windows directory: C:\WINDOWS

2011/07/24 01:08:40.0390 3716 Processor architecture: Intel x86

2011/07/24 01:08:40.0390 3716 Number of processors: 4

2011/07/24 01:08:40.0390 3716 Page size: 0x1000

2011/07/24 01:08:40.0390 3716 Boot type: Normal boot

2011/07/24 01:08:40.0390 3716 ================================================================================

2011/07/24 01:08:41.0156 3716 Initialize success

2011/07/24 01:08:48.0281 0160 ================================================================================

2011/07/24 01:08:48.0281 0160 Scan started

2011/07/24 01:08:48.0281 0160 Mode: Manual;

2011/07/24 01:08:48.0281 0160 ================================================================================

2011/07/24 01:08:49.0140 0160 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/24 01:08:49.0187 0160 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/24 01:08:49.0234 0160 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/24 01:08:49.0265 0160 AegisP (4b66e250c94c92522c33a759d5d273cb) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/07/24 01:08:49.0296 0160 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/24 01:08:49.0421 0160 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

2011/07/24 01:08:49.0484 0160 AppleCharger (f0a48ce44d3f368990ca8954340bd9a0) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys

2011/07/24 01:08:49.0562 0160 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys

2011/07/24 01:08:49.0562 0160 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys

2011/07/24 01:08:49.0593 0160 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/24 01:08:49.0625 0160 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/24 01:08:49.0671 0160 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/24 01:08:49.0687 0160 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/24 01:08:49.0718 0160 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/07/24 01:08:49.0734 0160 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/07/24 01:08:49.0765 0160 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/07/24 01:08:49.0781 0160 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/07/24 01:08:49.0812 0160 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/07/24 01:08:49.0828 0160 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/07/24 01:08:49.0843 0160 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/07/24 01:08:49.0859 0160 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/07/24 01:08:49.0875 0160 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/24 01:08:49.0921 0160 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/24 01:08:49.0953 0160 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/24 01:08:50.0187 0160 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/24 01:08:50.0250 0160 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/24 01:08:50.0343 0160 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/24 01:08:50.0515 0160 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/24 01:08:50.0562 0160 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/24 01:08:50.0593 0160 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/24 01:08:50.0609 0160 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/24 01:08:50.0640 0160 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/24 01:08:50.0687 0160 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/24 01:08:50.0718 0160 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/24 01:08:50.0750 0160 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/24 01:08:50.0750 0160 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/24 01:08:50.0765 0160 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/24 01:08:50.0796 0160 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/07/24 01:08:50.0796 0160 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/24 01:08:50.0828 0160 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/24 01:08:50.0843 0160 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys

2011/07/24 01:08:51.0093 0160 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/24 01:08:51.0125 0160 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/24 01:08:51.0156 0160 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/24 01:08:51.0171 0160 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/24 01:08:51.0218 0160 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/24 01:08:51.0265 0160 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/24 01:08:51.0296 0160 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/24 01:08:51.0468 0160 IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/24 01:08:51.0531 0160 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/24 01:08:51.0546 0160 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/07/24 01:08:51.0562 0160 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/24 01:08:51.0578 0160 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/24 01:08:51.0609 0160 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/24 01:08:51.0625 0160 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/24 01:08:51.0640 0160 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/24 01:08:51.0671 0160 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/24 01:08:51.0687 0160 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/24 01:08:51.0703 0160 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/24 01:08:51.0750 0160 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/24 01:08:51.0781 0160 L1c (96478fe91c5a37c673ebe3da87c1a115) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

2011/07/24 01:08:51.0812 0160 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/24 01:08:51.0828 0160 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/24 01:08:51.0890 0160 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

2011/07/24 01:08:51.0937 0160 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/24 01:08:51.0953 0160 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/24 01:08:51.0968 0160 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/24 01:08:52.0000 0160 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/24 01:08:52.0031 0160 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/24 01:08:52.0078 0160 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/24 01:08:52.0109 0160 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/24 01:08:52.0125 0160 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/24 01:08:52.0156 0160 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/24 01:08:52.0171 0160 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/24 01:08:52.0218 0160 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/07/24 01:08:52.0218 0160 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/24 01:08:52.0265 0160 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/07/24 01:08:52.0296 0160 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/24 01:08:52.0328 0160 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/07/24 01:08:52.0375 0160 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/24 01:08:52.0406 0160 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/24 01:08:52.0421 0160 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/24 01:08:52.0453 0160 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/24 01:08:52.0453 0160 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/24 01:08:52.0468 0160 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/24 01:08:52.0515 0160 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/24 01:08:52.0531 0160 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/24 01:08:52.0562 0160 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/24 01:08:52.0828 0160 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/24 01:08:53.0062 0160 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys

2011/07/24 01:08:53.0093 0160 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/24 01:08:53.0140 0160 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/24 01:08:53.0156 0160 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/24 01:08:53.0156 0160 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/24 01:08:53.0187 0160 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/24 01:08:53.0218 0160 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/24 01:08:53.0250 0160 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/24 01:08:53.0281 0160 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/24 01:08:53.0375 0160 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/24 01:08:53.0390 0160 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/24 01:08:53.0406 0160 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/24 01:08:53.0421 0160 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/24 01:08:53.0484 0160 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/24 01:08:53.0515 0160 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/24 01:08:53.0531 0160 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/24 01:08:53.0531 0160 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/24 01:08:53.0562 0160 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/24 01:08:53.0578 0160 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/24 01:08:53.0609 0160 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/24 01:08:53.0640 0160 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/24 01:08:53.0671 0160 rseb (c4c147291504d96ab81f5f793e0e9a69) C:\WINDOWS\system32\drivers\rseb.sys

2011/07/24 01:08:53.0703 0160 RT2500 (aa976b567c3a04ea29a7f3e93920af59) C:\WINDOWS\system32\DRIVERS\RT2500.sys

2011/07/24 01:08:53.0734 0160 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/24 01:08:53.0781 0160 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/24 01:08:53.0796 0160 Serial (2b2acd13f2426708789b8dc2043ad103) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/24 01:08:53.0796 0160 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 2b2acd13f2426708789b8dc2043ad103, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7

2011/07/24 01:08:53.0796 0160 Serial - detected ForgedFile.Multi.Generic (1)

2011/07/24 01:08:53.0812 0160 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/24 01:08:53.0859 0160 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/24 01:08:53.0906 0160 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/24 01:08:53.0937 0160 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/24 01:08:53.0968 0160 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/24 01:08:54.0000 0160 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/24 01:08:54.0046 0160 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/24 01:08:54.0062 0160 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/24 01:08:54.0125 0160 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/24 01:08:54.0156 0160 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/24 01:08:54.0203 0160 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/24 01:08:54.0218 0160 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/24 01:08:54.0218 0160 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/24 01:08:54.0281 0160 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/24 01:08:54.0343 0160 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/24 01:08:54.0406 0160 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/24 01:08:54.0437 0160 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/24 01:08:54.0453 0160 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/24 01:08:54.0500 0160 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/24 01:08:54.0531 0160 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/24 01:08:54.0546 0160 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/24 01:08:54.0578 0160 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys

2011/07/24 01:08:54.0593 0160 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/24 01:08:54.0609 0160 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/24 01:08:54.0656 0160 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/24 01:08:54.0703 0160 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/07/24 01:08:54.0765 0160 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/24 01:08:54.0796 0160 WudfPf (1903ffcf876720d9bc3432f0c64559e9) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/24 01:08:54.0828 0160 WudfRd (7fda30836fa3a5e52d16a09c686f9c2b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/24 01:08:54.0859 0160 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/24 01:08:54.0937 0160 Boot (0x1200) (d03892a87bcf028fa15406fb5614990c) \Device\Harddisk0\DR0\Partition0

2011/07/24 01:08:54.0953 0160 ================================================================================

2011/07/24 01:08:54.0953 0160 Scan finished

2011/07/24 01:08:54.0953 0160 ================================================================================

2011/07/24 01:08:54.0953 1464 Detected object count: 1

2011/07/24 01:08:54.0953 1464 Actual detected object count: 1

2011/07/24 01:09:23.0484 1464 ForgedFile.Multi.Generic(Serial) - User select action: Skip

2011/07/24 01:09:28.0125 3488 ================================================================================

2011/07/24 01:09:28.0125 3488 Scan started

2011/07/24 01:09:28.0125 3488 Mode: Manual;

2011/07/24 01:09:28.0125 3488 ================================================================================

2011/07/24 01:09:28.0343 3488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/24 01:09:28.0359 3488 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/24 01:09:28.0406 3488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/24 01:09:28.0437 3488 AegisP (4b66e250c94c92522c33a759d5d273cb) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/07/24 01:09:28.0468 3488 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/24 01:09:28.0578 3488 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

2011/07/24 01:09:28.0609 3488 AppleCharger (f0a48ce44d3f368990ca8954340bd9a0) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys

2011/07/24 01:09:28.0687 3488 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys

2011/07/24 01:09:28.0703 3488 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys

2011/07/24 01:09:28.0734 3488 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/24 01:09:28.0750 3488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/24 01:09:28.0765 3488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/24 01:09:28.0781 3488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/24 01:09:28.0812 3488 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/07/24 01:09:28.0828 3488 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/07/24 01:09:28.0843 3488 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/07/24 01:09:28.0859 3488 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/07/24 01:09:28.0875 3488 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/07/24 01:09:28.0890 3488 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/07/24 01:09:28.0890 3488 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/07/24 01:09:28.0921 3488 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/07/24 01:09:28.0937 3488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/24 01:09:29.0000 3488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/24 01:09:29.0031 3488 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/24 01:09:29.0046 3488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/24 01:09:29.0078 3488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/24 01:09:29.0109 3488 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/24 01:09:29.0187 3488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/24 01:09:29.0234 3488 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/24 01:09:29.0250 3488 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/24 01:09:29.0265 3488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/24 01:09:29.0296 3488 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/24 01:09:29.0343 3488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/24 01:09:29.0375 3488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/24 01:09:29.0390 3488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/24 01:09:29.0406 3488 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/24 01:09:29.0421 3488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/24 01:09:29.0437 3488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/07/24 01:09:29.0453 3488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/24 01:09:29.0468 3488 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/24 01:09:29.0500 3488 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys

2011/07/24 01:09:29.0546 3488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/24 01:09:29.0578 3488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/24 01:09:29.0593 3488 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/24 01:09:29.0625 3488 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/24 01:09:29.0656 3488 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/24 01:09:29.0703 3488 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/24 01:09:29.0718 3488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/24 01:09:29.0906 3488 IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/24 01:09:29.0953 3488 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/24 01:09:29.0984 3488 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/07/24 01:09:30.0000 3488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/24 01:09:30.0015 3488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/24 01:09:30.0031 3488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/24 01:09:30.0046 3488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/24 01:09:30.0078 3488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/24 01:09:30.0109 3488 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/24 01:09:30.0140 3488 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/24 01:09:30.0156 3488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/24 01:09:30.0187 3488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/24 01:09:30.0218 3488 L1c (96478fe91c5a37c673ebe3da87c1a115) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

2011/07/24 01:09:30.0250 3488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/24 01:09:30.0265 3488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/24 01:09:30.0312 3488 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

2011/07/24 01:09:30.0359 3488 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/24 01:09:30.0375 3488 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/24 01:09:30.0390 3488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/24 01:09:30.0406 3488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/24 01:09:30.0437 3488 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/24 01:09:30.0453 3488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/24 01:09:30.0500 3488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/24 01:09:30.0515 3488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/24 01:09:30.0531 3488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/24 01:09:30.0562 3488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/24 01:09:30.0593 3488 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/07/24 01:09:30.0609 3488 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/24 01:09:30.0640 3488 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/07/24 01:09:30.0656 3488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/24 01:09:30.0687 3488 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/07/24 01:09:30.0703 3488 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/24 01:09:30.0734 3488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/24 01:09:30.0750 3488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/24 01:09:30.0765 3488 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/24 01:09:30.0781 3488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/24 01:09:30.0796 3488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/24 01:09:30.0843 3488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/24 01:09:30.0859 3488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/24 01:09:30.0890 3488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/24 01:09:31.0156 3488 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/24 01:09:31.0218 3488 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys

2011/07/24 01:09:31.0250 3488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/24 01:09:31.0250 3488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/24 01:09:31.0281 3488 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/24 01:09:31.0296 3488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/24 01:09:31.0312 3488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/24 01:09:31.0343 3488 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/24 01:09:31.0375 3488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/24 01:09:31.0406 3488 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/24 01:09:31.0500 3488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/24 01:09:31.0515 3488 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/24 01:09:31.0531 3488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/24 01:09:31.0546 3488 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/24 01:09:31.0609 3488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/24 01:09:31.0625 3488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/24 01:09:31.0656 3488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/24 01:09:31.0671 3488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/24 01:09:31.0687 3488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/24 01:09:31.0687 3488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/24 01:09:31.0734 3488 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/24 01:09:31.0765 3488 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/24 01:09:31.0796 3488 rseb (c4c147291504d96ab81f5f793e0e9a69) C:\WINDOWS\system32\drivers\rseb.sys

2011/07/24 01:09:31.0812 3488 RT2500 (aa976b567c3a04ea29a7f3e93920af59) C:\WINDOWS\system32\DRIVERS\RT2500.sys

2011/07/24 01:09:31.0859 3488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/24 01:09:31.0875 3488 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/24 01:09:31.0890 3488 Serial (2b2acd13f2426708789b8dc2043ad103) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/24 01:09:31.0890 3488 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 2b2acd13f2426708789b8dc2043ad103, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7

2011/07/24 01:09:31.0890 3488 Serial - detected ForgedFile.Multi.Generic (1)

2011/07/24 01:09:31.0921 3488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/24 01:09:31.0968 3488 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/24 01:09:32.0015 3488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/24 01:09:32.0046 3488 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/24 01:09:32.0078 3488 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/24 01:09:32.0109 3488 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/24 01:09:32.0140 3488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/24 01:09:32.0171 3488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/24 01:09:32.0234 3488 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/24 01:09:32.0265 3488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/24 01:09:32.0312 3488 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/24 01:09:32.0328 3488 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/24 01:09:32.0328 3488 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/24 01:09:32.0390 3488 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/24 01:09:32.0453 3488 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/24 01:09:32.0484 3488 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/24 01:09:32.0515 3488 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/24 01:09:32.0531 3488 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/24 01:09:32.0562 3488 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/24 01:09:32.0593 3488 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/24 01:09:32.0625 3488 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/24 01:09:32.0656 3488 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys

2011/07/24 01:09:32.0656 3488 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/24 01:09:32.0687 3488 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/24 01:09:32.0734 3488 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/24 01:09:32.0796 3488 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/07/24 01:09:32.0843 3488 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/24 01:09:32.0875 3488 WudfPf (1903ffcf876720d9bc3432f0c64559e9) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/24 01:09:32.0906 3488 WudfRd (7fda30836fa3a5e52d16a09c686f9c2b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/24 01:09:32.0937 3488 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/24 01:09:33.0015 3488 Boot (0x1200) (d03892a87bcf028fa15406fb5614990c) \Device\Harddisk0\DR0\Partition0

2011/07/24 01:09:33.0031 3488 ================================================================================

2011/07/24 01:09:33.0031 3488 Scan finished

2011/07/24 01:09:33.0031 3488 ================================================================================

2011/07/24 01:09:33.0031 3504 Detected object count: 1

2011/07/24 01:09:33.0031 3504 Actual detected object count: 1

2011/07/24 01:09:40.0000 3504 Serial (2b2acd13f2426708789b8dc2043ad103) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/24 01:09:40.0000 3504 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 2b2acd13f2426708789b8dc2043ad103, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7

2011/07/24 01:09:40.0000 3504 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine

2011/07/24 01:09:40.0000 3504 ForgedFile.Multi.Generic(Serial) - User select action: Quarantine

2011/07/24 01:09:47.0609 0428 ================================================================================

2011/07/24 01:09:47.0609 0428 Scan started

2011/07/24 01:09:47.0609 0428 Mode: Manual;

2011/07/24 01:09:47.0609 0428 ================================================================================

2011/07/24 01:09:48.0234 0428 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/24 01:09:48.0265 0428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/24 01:09:48.0296 0428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/24 01:09:48.0312 0428 AegisP (4b66e250c94c92522c33a759d5d273cb) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/07/24 01:09:48.0343 0428 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/24 01:09:48.0453 0428 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

2011/07/24 01:09:48.0515 0428 AppleCharger (f0a48ce44d3f368990ca8954340bd9a0) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys

2011/07/24 01:09:48.0578 0428 asusgsb (d320732bcf5ff856120bd06855c66867) C:\WINDOWS\system32\drivers\asusgsb.sys

2011/07/24 01:09:48.0593 0428 asuskbnt (b3b881eb81013aac11594a5400ada47a) C:\WINDOWS\system32\drivers\atkkbnt.sys

2011/07/24 01:09:48.0625 0428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/24 01:09:48.0640 0428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/24 01:09:48.0671 0428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/24 01:09:48.0687 0428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/24 01:09:48.0718 0428 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/07/24 01:09:48.0718 0428 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/07/24 01:09:48.0734 0428 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/07/24 01:09:48.0750 0428 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/07/24 01:09:48.0765 0428 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/07/24 01:09:48.0781 0428 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/07/24 01:09:48.0796 0428 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/07/24 01:09:48.0828 0428 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/07/24 01:09:48.0843 0428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/24 01:09:48.0875 0428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/24 01:09:48.0906 0428 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/24 01:09:48.0921 0428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/24 01:09:48.0953 0428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/24 01:09:48.0968 0428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/24 01:09:49.0046 0428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/24 01:09:49.0093 0428 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/24 01:09:49.0125 0428 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/24 01:09:49.0171 0428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/24 01:09:49.0187 0428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/24 01:09:49.0234 0428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/24 01:09:49.0265 0428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/24 01:09:49.0296 0428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/24 01:09:49.0296 0428 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/24 01:09:49.0312 0428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/24 01:09:49.0343 0428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/07/24 01:09:49.0343 0428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/24 01:09:49.0359 0428 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/24 01:09:49.0390 0428 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys

2011/07/24 01:09:49.0406 0428 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/24 01:09:49.0421 0428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/24 01:09:49.0453 0428 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/24 01:09:49.0468 0428 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/24 01:09:49.0515 0428 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/24 01:09:49.0562 0428 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/24 01:09:49.0609 0428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/24 01:09:49.0765 0428 IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/24 01:09:49.0828 0428 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/24 01:09:49.0843 0428 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/07/24 01:09:49.0875 0428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/24 01:09:49.0890 0428 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/24 01:09:49.0906 0428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/24 01:09:49.0921 0428 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/24 01:09:49.0953 0428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/24 01:09:50.0046 0428 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/24 01:09:50.0109 0428 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/24 01:09:50.0203 0428 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/24 01:09:50.0296 0428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/24 01:09:50.0375 0428 L1c (96478fe91c5a37c673ebe3da87c1a115) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

2011/07/24 01:09:50.0406 0428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/24 01:09:50.0437 0428 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/24 01:09:50.0484 0428 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

2011/07/24 01:09:50.0515 0428 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/24 01:09:50.0531 0428 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/24 01:09:50.0562 0428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/24 01:09:50.0593 0428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/24 01:09:50.0625 0428 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/24 01:09:50.0656 0428 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/24 01:09:50.0687 0428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/24 01:09:50.0718 0428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/24 01:09:50.0734 0428 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/24 01:09:50.0765 0428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/24 01:09:50.0796 0428 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/07/24 01:09:50.0796 0428 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/24 01:09:50.0843 0428 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/07/24 01:09:50.0859 0428 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/24 01:09:50.0890 0428 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/07/24 01:09:50.0906 0428 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/24 01:09:50.0937 0428 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/24 01:09:50.0953 0428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/24 01:09:50.0953 0428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/24 01:09:50.0968 0428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/24 01:09:50.0984 0428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/24 01:09:51.0031 0428 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/24 01:09:51.0046 0428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/24 01:09:51.0078 0428 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/24 01:09:51.0343 0428 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/24 01:09:51.0421 0428 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys

2011/07/24 01:09:51.0453 0428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/24 01:09:51.0453 0428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/24 01:09:51.0484 0428 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/24 01:09:51.0515 0428 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/24 01:09:51.0531 0428 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/24 01:09:51.0562 0428 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/24 01:09:51.0593 0428 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/24 01:09:51.0625 0428 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/24 01:09:51.0718 0428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/24 01:09:51.0734 0428 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/24 01:09:51.0750 0428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/24 01:09:51.0765 0428 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/24 01:09:51.0828 0428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/24 01:09:51.0843 0428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/24 01:09:51.0859 0428 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/24 01:09:51.0875 0428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/24 01:09:51.0890 0428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/24 01:09:51.0906 0428 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/24 01:09:51.0953 0428 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/24 01:09:51.0984 0428 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/24 01:09:52.0000 0428 rseb (c4c147291504d96ab81f5f793e0e9a69) C:\WINDOWS\system32\drivers\rseb.sys

2011/07/24 01:09:52.0031 0428 RT2500 (aa976b567c3a04ea29a7f3e93920af59) C:\WINDOWS\system32\DRIVERS\RT2500.sys

2011/07/24 01:09:52.0062 0428 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/24 01:09:52.0093 0428 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/24 01:09:52.0109 0428 Serial (2b2acd13f2426708789b8dc2043ad103) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/24 01:09:52.0109 0428 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 2b2acd13f2426708789b8dc2043ad103, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7

2011/07/24 01:09:52.0109 0428 Serial - detected ForgedFile.Multi.Generic (1)

2011/07/24 01:09:52.0125 0428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/24 01:09:52.0203 0428 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/24 01:09:52.0250 0428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/24 01:09:52.0281 0428 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/24 01:09:52.0312 0428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/24 01:09:52.0343 0428 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/24 01:09:52.0375 0428 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/24 01:09:52.0390 0428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/24 01:09:52.0437 0428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/24 01:09:52.0468 0428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/24 01:09:52.0500 0428 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/24 01:09:52.0515 0428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/24 01:09:52.0531 0428 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/24 01:09:52.0593 0428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/24 01:09:52.0656 0428 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/24 01:09:52.0687 0428 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/24 01:09:52.0734 0428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/24 01:09:52.0750 0428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/24 01:09:52.0796 0428 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/24 01:09:52.0828 0428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/24 01:09:52.0843 0428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/24 01:09:52.0875 0428 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\WINDOWS\system32\Drivers\Video3D32.sys

2011/07/24 01:09:52.0890 0428 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/24 01:09:52.0921 0428 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/24 01:09:52.0953 0428 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/24 01:09:53.0000 0428 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/07/24 01:09:53.0046 0428 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/24 01:09:53.0093 0428 WudfPf (1903ffcf876720d9bc3432f0c64559e9) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/24 01:09:53.0125 0428 WudfRd (7fda30836fa3a5e52d16a09c686f9c2b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/24 01:09:53.0171 0428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/24 01:09:53.0265 0428 Boot (0x1200) (d03892a87bcf028fa15406fb5614990c) \Device\Harddisk0\DR0\Partition0

2011/07/24 01:09:53.0265 0428 ================================================================================

2011/07/24 01:09:53.0265 0428 Scan finished

2011/07/24 01:09:53.0265 0428 ================================================================================

2011/07/24 01:09:53.0281 1352 Detected object count: 1

2011/07/24 01:09:53.0281 1352 Actual detected object count: 1

2011/07/24 01:09:58.0281 1352 HKLM\SYSTEM\ControlSet001\services\Serial - will be deleted after reboot

2011/07/24 01:09:58.0281 1352 HKLM\SYSTEM\ControlSet002\services\Serial - will be deleted after reboot

2011/07/24 01:09:58.0281 1352 C:\WINDOWS\system32\DRIVERS\serial.sys - will be deleted after reboot

2011/07/24 01:09:58.0281 1352 ForgedFile.Multi.Generic(Serial) - User select action: Delete

2011/07/24 01:10:11.0828 3700 Deinitialize success

[D-FRED-BROWN]

Please include the ComboFix log as well

[D-FRED-BROWN]

Also, please just post the logs as they are - please don't put them in "Quote" tags. Thanks

[ihateviruses2009]

ComboFix 11-07-22.02 - mike 24/07/2011 3:09.1.4 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1805 [GMT 1:00]

Running from: c:\documents and settings\mike\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\mike\Application Data\alot

c:\documents and settings\mike\Application Data\alot\Button_0\Button_0.xml

c:\documents and settings\mike\Application Data\alot\Button_0\Button_0.xml.backup

c:\documents and settings\mike\Application Data\alot\Button_1\Button_1.xml

c:\documents and settings\mike\Application Data\alot\Button_1\Button_1.xml.backup

c:\documents and settings\mike\Application Data\alot\Button_2\Button_2.xml

c:\documents and settings\mike\Application Data\alot\Button_2\Button_2.xml.backup

c:\documents and settings\mike\Application Data\alot\Button_3\Button_3.xml

c:\documents and settings\mike\Application Data\alot\Button_3\Button_3.xml.backup

c:\documents and settings\mike\Application Data\alot\Button_4\Button_4.xml

c:\documents and settings\mike\Application Data\alot\Button_4\Button_4.xml.backup

c:\documents and settings\mike\Application Data\alot\Button_5\Button_5.xml

c:\documents and settings\mike\Application Data\alot\Button_5\Button_5.xml.backup

c:\documents and settings\mike\Application Data\alot\Button_6\Button_6.xml

c:\documents and settings\mike\Application Data\alot\Button_6\Button_6.xml.backup

c:\documents and settings\mike\Application Data\alot\Button_7\Button_7.xml

c:\documents and settings\mike\Application Data\alot\Button_7\Button_7.xml.backup

c:\documents and settings\mike\Application Data\alot\Button_8\Button_8.xml

c:\documents and settings\mike\Application Data\alot\Button_8\Button_8.xml.backup

c:\documents and settings\mike\Application Data\alot\Button_9\Button_9.xml

c:\documents and settings\mike\Application Data\alot\Button_9\Button_9.xml.backup

c:\documents and settings\mike\Application Data\alot\configurator\configurator.xml

c:\documents and settings\mike\Application Data\alot\configurator\configurator.xml.backup

c:\documents and settings\mike\Application Data\alot\contextMenu\contextMenu.xml

c:\documents and settings\mike\Application Data\alot\contextMenu\contextMenu.xml.backup

c:\documents and settings\mike\Application Data\alot\postInstallLayout\postInstallLayout.xml

c:\documents and settings\mike\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup

c:\documents and settings\mike\Application Data\alot\products\products.xml

c:\documents and settings\mike\Application Data\alot\products\products.xml.backup

c:\documents and settings\mike\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html

c:\documents and settings\mike\Application Data\alot\Resources\BrowserSearch\images\favicon.ico

c:\documents and settings\mike\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_0\images\alot_logo_button.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_image_search.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_news_search.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_search_button.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_shop_search.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_videos_search.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_1\images\alot_web_search.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_2\images\alot_configure.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_2\images\alot_configure.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_3\images\3952_icon.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_3\images\3952_icon.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_4\images\default_2019_www.hulu.com_button.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_4\images\default_2019_www.hulu.com_button.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_5\images\3562_icon.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_5\images\3562_icon.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_6\images\3953_icon.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_6\images\3953_icon.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_7\images\default_2097_music_videos.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_7\images\default_2097_music_videos.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_8\images\4490_icon.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_8\images\4490_icon.png

c:\documents and settings\mike\Application Data\alot\Resources\Button_9\images\6109_icon.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Button_9\images\6109_icon.png

c:\documents and settings\mike\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp

c:\documents and settings\mike\Application Data\alot\Resources\contextMenu\images\alot_icon.png

c:\documents and settings\mike\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp

c:\documents and settings\mike\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png

c:\documents and settings\mike\Application Data\alot\Resources\Shared\domains.dat

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\alot_splitter.png

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\discover.png

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\intro_popup.png

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\spinner.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_bottom.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_caption.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_error_close.bmp

c:\documents and settings\mike\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp

c:\documents and settings\mike\Application Data\alot\TimerManager\TimerManager.xml

c:\documents and settings\mike\Application Data\alot\TimerManager\TimerManager.xml.backup

c:\documents and settings\mike\Application Data\alot\toolbar.xml

c:\documents and settings\mike\Application Data\alot\toolbar.xml.backup

c:\documents and settings\mike\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml

c:\documents and settings\mike\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup

c:\documents and settings\mike\Application Data\alot\ToolbarSearch\ToolbarSearch.xml

c:\documents and settings\mike\Application Data\alot\Updater\Updater.xml

c:\documents and settings\mike\Application Data\alot\Updater\Updater.xml.backup

c:\documents and settings\mike\Application Data\PriceGong

c:\documents and settings\mike\Application Data\PriceGong\Data\1.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\a.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\b.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\c.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\d.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\e.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\f.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\g.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\h.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\i.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\j.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\k.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\l.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\m.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\n.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\o.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\p.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\q.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\r.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\s.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\t.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\u.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\v.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\w.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\x.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\y.xml

c:\documents and settings\mike\Application Data\PriceGong\Data\z.xml

c:\windows\assembly\GAC_MSIL\desktop.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))

.

.

2011-07-24 00:09 . 2011-07-24 00:09 -------- d-----w- C:\TDSSKiller_Quarantine

2011-07-22 23:05 . 2011-07-22 23:10 -------- d-----w- c:\windows\maxdrive

2011-07-22 17:16 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 17:16 . 2011-07-24 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-22 17:16 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 16:41 . 2011-07-07 12:28 520496 ----a-w- c:\windows\Listdlls.exe

2011-07-22 16:41 . 2011-05-17 11:48 423288 ----a-w- c:\windows\handle.exe

2011-07-19 23:06 . 2011-07-19 23:06 -------- d-----w- c:\program files\Trend Micro

2011-07-19 22:33 . 2011-07-19 22:33 -------- d--h--w- c:\windows\PIF

2011-07-19 22:24 . 2011-07-19 22:24 -------- d-----w- c:\documents and settings\Administrator

2011-07-19 22:23 . 2011-07-22 15:57 56416 --sha-w- c:\windows\system32\c_47991.nl_

2011-07-19 17:22 . 2011-07-19 17:22 -------- d-----w- c:\program files\VSTplugins

2011-07-19 17:22 . 2011-07-19 17:22 -------- d-----w- c:\documents and settings\mike\Application Data\Publish Providers

2011-07-19 16:54 . 2011-07-19 16:54 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\Babylon

2011-07-19 16:54 . 2011-07-19 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2011-07-19 16:54 . 2011-07-19 16:54 -------- d-----w- c:\documents and settings\mike\Application Data\Babylon

2011-07-19 16:53 . 2011-07-19 16:53 71680 --sha-r- c:\windows\system32\ctl3d32D.dll

2011-07-18 23:36 . 2011-07-18 23:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}

2011-07-18 23:33 . 2011-07-18 23:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DCC412E7-393B-4016-91FB-9307F059AFB6}

2011-07-18 23:33 . 2011-07-18 23:33 -------- d-----w- c:\program files\Common Files\Native Instruments

2011-07-18 23:32 . 2011-07-18 23:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

2011-07-18 23:32 . 2011-07-18 23:33 -------- d-----w- c:\program files\Native Instruments

2011-07-18 23:32 . 2011-07-18 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments

2011-07-08 16:02 . 2011-07-08 16:02 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-07-08 16:02 . 2011-07-08 16:02 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-07-07 21:23 . 2011-07-07 21:23 -------- d-----w- c:\program files\Audacity

2011-06-29 20:46 . 2011-06-29 20:47 -------- d-----w- c:\program files\Ahead

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-19 14:35 . 2011-04-01 22:40 17488 ----a-w- c:\windows\gdrv.sys

2011-06-02 14:02 . 2008-04-14 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2011-04-01 17:26 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2008-04-14 09:42 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2008-04-14 04:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2008-04-14 09:42 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-26 11:07 . 2008-04-14 09:41 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-25 14:47 . 2008-04-14 09:42 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 2008-04-14 09:41 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 14:47 . 2008-04-14 09:41 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 12:56 . 2008-04-14 04:07 369664 ----a-w- c:\windows\system32\html.iec

2011-07-08 16:02 . 2011-04-02 11:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

.

c:\windows\System32\wuauclt.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]

2009-11-07 00:07 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-03-18 07:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"iBryte playbryte Desktop"="c:\program files\iBryte\playbryte\ibrytedesktop.exe" [2011-06-16 167936]

"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

GN-WPKG Utility.lnk - c:\program files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe [2011-4-2 524288]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\iBryte\\playbryte\\ibrytedesktop.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISDM.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe"=

"c:\\Documents and Settings\\mike\\Desktop\\TDSSKiller.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgui.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]

R0 rseb;rseb;c:\windows\system32\drivers\rseb.sys [02/04/2011 11:56 15266]

S1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [01/04/2011 23:38 19496]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 04:12 248656]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 13:19 297168]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]

S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]

S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe --> c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [?]

S2 ES lite Service;ES lite Service for program management.;"c:\program files\Gigabyte\EasySaver\ESSVR.EXE" --> c:\program files\Gigabyte\EasySaver\ESSVR.EXE [?]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe --> c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01/04/2011 23:37 1691480]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [02/04/2011 23:28 947528]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 15:23 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 15:23 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 15:23 27216]

S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/04/2011 23:38 44032]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [01/04/2011 23:16 91496]

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-17 c:\windows\Tasks\DriverNavigator Scheduled Scan.job

- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-04-17 10:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Free YouTube Download - c:\documents and settings\mike\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\w30ljmvk.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d97a32a&v=7.005.030.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)

SafeBoot-10200339.sys

AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe

AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe

AddRemove-{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1 - c:\program files\GridinSoft Trojan Killer\unins000.exe

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-24 03:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\$NtUninstallKB3055$:SummaryInformation 0 bytes hidden from API

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

Completion time: 2011-07-24 03:16:21

ComboFix-quarantined-files.txt 2011-07-24 02:16

.

Pre-Run: 55,470,465,024 bytes free

Post-Run: 56,620,748,800 bytes free

.

- - End Of File - - CCDE11B287B14AD2305E61CB4232A978

log.txt

[D-FRED-BROWN]

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Fcopy::

c:\windows\system32\dllcache\wuauclt.exe | c:\windows\System32\wuauclt.exe

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

[ihateviruses2009]

I wasn't sure if you meant normal or safemode so I did this in normal

ComboFix 11-07-22.02 - mike 24/07/2011 23:44:43.2.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1406 [GMT 1:00]

Running from: c:\documents and settings\mike\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\mike\Desktop\CFScript..txt

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\wuauclt.exe --> c:\windows\System32\wuauclt.exe

.

((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))

.

.

2011-07-24 22:44 . 2009-08-06 18:24 53472 -c--a-w- c:\windows\system32\dllcache\wuauclt.exe

2011-07-24 22:44 . 2009-08-06 18:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2011-07-24 22:38 . 2011-07-24 22:39 -------- d-----w- C:\jully2011 trash

2011-07-24 00:09 . 2011-07-24 00:09 -------- d-----w- C:\TDSSKiller_Quarantine

2011-07-22 23:05 . 2011-07-22 23:10 -------- d-----w- c:\windows\maxdrive

2011-07-22 17:16 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 17:16 . 2011-07-24 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-22 17:16 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 16:41 . 2011-07-07 12:28 520496 ----a-w- c:\windows\Listdlls.exe

2011-07-22 16:41 . 2011-05-17 11:48 423288 ----a-w- c:\windows\handle.exe

2011-07-19 23:06 . 2011-07-19 23:06 -------- d-----w- c:\program files\Trend Micro

2011-07-19 22:33 . 2011-07-19 22:33 -------- d--h--w- c:\windows\PIF

2011-07-19 22:24 . 2011-07-19 22:24 -------- d-----w- c:\documents and settings\Administrator

2011-07-19 22:23 . 2011-07-22 15:57 56416 --sha-w- c:\windows\system32\c_47991.nl_

2011-07-19 17:22 . 2011-07-19 17:22 -------- d-----w- c:\program files\VSTplugins

2011-07-19 17:22 . 2011-07-19 17:22 -------- d-----w- c:\documents and settings\mike\Application Data\Publish Providers

2011-07-19 16:54 . 2011-07-19 16:54 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\Babylon

2011-07-19 16:54 . 2011-07-19 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2011-07-19 16:54 . 2011-07-19 16:54 -------- d-----w- c:\documents and settings\mike\Application Data\Babylon

2011-07-19 16:53 . 2011-07-19 16:53 71680 --sha-r- c:\windows\system32\ctl3d32D.dll

2011-07-18 23:36 . 2011-07-18 23:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}

2011-07-18 23:33 . 2011-07-18 23:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DCC412E7-393B-4016-91FB-9307F059AFB6}

2011-07-18 23:33 . 2011-07-18 23:33 -------- d-----w- c:\program files\Common Files\Native Instruments

2011-07-18 23:32 . 2011-07-18 23:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

2011-07-18 23:32 . 2011-07-18 23:33 -------- d-----w- c:\program files\Native Instruments

2011-07-18 23:32 . 2011-07-18 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments

2011-07-08 16:02 . 2011-07-08 16:02 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-07-08 16:02 . 2011-07-08 16:02 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-07-07 21:23 . 2011-07-07 21:23 -------- d-----w- c:\program files\Audacity

2011-06-29 20:46 . 2011-06-29 20:47 -------- d-----w- c:\program files\Ahead

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-19 14:35 . 2011-04-01 22:40 17488 ----a-w- c:\windows\gdrv.sys

2011-06-02 14:02 . 2008-04-14 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2011-04-01 17:26 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2008-04-14 09:42 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2008-04-14 04:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2008-04-14 09:42 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-26 11:07 . 2008-04-14 09:41 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-08 16:02 . 2011-04-02 11:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-24_02.15.04 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-17 00:49 . 2011-07-24 01:43 67516 c:\windows\system32\perfc009.dat

+ 2004-08-17 00:49 . 2011-07-24 22:37 67516 c:\windows\system32\perfc009.dat

+ 2004-08-17 00:49 . 2011-07-24 22:37 432686 c:\windows\system32\perfh009.dat

- 2004-08-17 00:49 . 2011-07-24 01:43 432686 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]

2009-11-07 00:07 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-05-30 10:33 2495816 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"iBryte playbryte Desktop"="c:\program files\iBryte\playbryte\ibrytedesktop.exe" [2011-06-16 167936]

"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

GN-WPKG Utility.lnk - c:\program files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe [2011-4-2 524288]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\iBryte\\playbryte\\ibrytedesktop.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISDM.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe"=

"c:\\Documents and Settings\\mike\\Desktop\\TDSSKiller.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgui.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]

R0 rseb;rseb;c:\windows\system32\drivers\rseb.sys [02/04/2011 11:56 15266]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [01/04/2011 23:38 19496]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 04:12 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 13:19 297168]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 15:23 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 15:23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 15:23 27216]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/04/2011 23:38 44032]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [01/04/2011 23:16 91496]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]

S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]

S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe --> c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [?]

S2 ES lite Service;ES lite Service for program management.;"c:\program files\Gigabyte\EasySaver\ESSVR.EXE" --> c:\program files\Gigabyte\EasySaver\ESSVR.EXE [?]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe --> c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01/04/2011 23:37 1691480]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [02/04/2011 23:28 1025352]

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-17 c:\windows\Tasks\DriverNavigator Scheduled Scan.job

- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-04-17 10:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Free YouTube Download - c:\documents and settings\mike\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\w30ljmvk.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d97a32a&v=7.005.030.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-24 23:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\$NtUninstallKB3055$:SummaryInformation 0 bytes hidden from API

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\wdfmgr.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

.

**************************************************************************

.

Completion time: 2011-07-24 23:51:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-24 22:51

ComboFix2.txt 2011-07-24 02:16

.

Pre-Run: 56,589,881,344 bytes free

Post-Run: 56,582,438,912 bytes free

.

- - End Of File - - B62CEB3E3CB8CD6CF017A46F9F898C18

[D-FRED-BROWN]

Before we do anything else, please tell me know things are running now

[ihateviruses2009]

oh and as for how things are running, well links from google are now going to the proper sites. so that's good.

But i've still get that message when trying to run anti MWB.

I can't even rename it as it says "cannot rename mbam: acess is denied make sure the disk is not full or write-protected and that the file is not currently in use."

[D-FRED-BROWN]

Let's do some more scans

----

Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

----

Download Rootkit Unhooker and save it to your Desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.

Vista/Windows 7 users right-click and select Run As Administrator.

• Click the Report tab, then click Scan
  
• Check Drivers, Stealth Code, Files, and Code Hooks
  
• UNcheck the rest, then click OK
  
• When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  
• Wait until the scanner has finished then go File > Save Report
  
• Save the report somewhere you can find it. Click Close
  
• Copy the entire contents of the report and paste it in your next reply.
  Note: You may get the following warning---just ignore it, click OK and continue. Rootkit Unhooker has detected a parasite inside itself!
  It is recommended to remove parasite, okay?
  

[ihateviruses2009]

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000001d

Kernel Drivers (total 123):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xB85A8000 \WINDOWS\system32\KDCOM.DLL

0xB84B8000 \WINDOWS\system32\BOOTVID.dll

0xB7F79000 ACPI.sys

0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB7F68000 pci.sys

0xB80A8000 isapnp.sys

0xB8670000 pciide.sys

0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xB80B8000 MountMgr.sys

0xB7F49000 ftdisk.sys

0xB8330000 PartMgr.sys

0xB80C8000 VolSnap.sys

0xB7F31000 atapi.sys

0xB80D8000 disk.sys

0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB7F11000 fltMgr.sys

0xB7EFF000 sr.sys

0xB80F8000 PxHelp20.sys

0xB7EE8000 KSecDD.sys

0xB7E5B000 Ntfs.sys

0xB7E2E000 NDIS.sys

0xB7E14000 Mup.sys

0xB84BC000 rseb.sys

0xB8338000 avgrkx86.sys

0xB84C0000 AVGIDSEH.Sys

0xB8288000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB7387000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB7373000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB734B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB82B8000 \SystemRoot\system32\DRIVERS\l1c51x86.sys

0xB83F0000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB7327000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xB83F8000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB72F8000 \SystemRoot\system32\DRIVERS\RT2500.sys

0xB8408000 \SystemRoot\system32\DRIVERS\fdc.sys

0xB72E4000 \SystemRoot\system32\DRIVERS\parport.sys

0xB82C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xB8410000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB82D8000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB82E8000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB82F8000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB72C1000 \SystemRoot\system32\DRIVERS\ks.sys

0xB8418000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xB7DE8000 \SystemRoot\system32\drivers\atkkbnt.sys

0xB7DE4000 \SystemRoot\System32\Drivers\Video3D32.sys

0xB7DE0000 \SystemRoot\system32\drivers\asusgsb.sys

0xB876A000 \SystemRoot\system32\DRIVERS\audstub.sys

0xB8308000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xB7DDC000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB72AA000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xB8318000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xB8128000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xB8420000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB7299000 \SystemRoot\system32\DRIVERS\psched.sys

0xB8138000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xB8428000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xB8430000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB8148000 \SystemRoot\system32\DRIVERS\termdd.sys

0xB8438000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xB85D6000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB7223000 \SystemRoot\system32\DRIVERS\update.sys

0xB7DD0000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB8158000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xB5006000 \SystemRoot\system32\drivers\nvhda32.sys

0xB4FE2000 \SystemRoot\system32\drivers\portcls.sys

0xB8178000 \SystemRoot\system32\drivers\drmk.sys

0xB8450000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0xB49E1000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xB81A8000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xB85DC000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xB81C8000 \SystemRoot\system32\DRIVERS\avgmfx86.sys

0xB85E4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB86D9000 \SystemRoot\System32\Drivers\Null.SYS

0xB85E6000 \SystemRoot\System32\Drivers\Beep.SYS

0xB8468000 \SystemRoot\System32\drivers\vga.sys

0xB85E8000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xB85EA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xB8470000 \SystemRoot\System32\Drivers\Msfs.SYS

0xB8478000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB7203000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB491E000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB48C5000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB487E000 \SystemRoot\system32\DRIVERS\avgtdix.sys

0xB4858000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB4830000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB480E000 \SystemRoot\System32\drivers\afd.sys

0xB8208000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB47E3000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB4773000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB8218000 \SystemRoot\System32\Drivers\Fips.SYS

0xB4737000 \SystemRoot\system32\DRIVERS\avgldx86.sys

0xB4FC2000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xB8238000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xB8480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xB4FBE000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xB8258000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xB8358000 \SystemRoot\system32\DRIVERS\AppleCharger.sys

0xB50BB000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB46F7000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xB8650000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB720B000 \SystemRoot\System32\drivers\Dxapi.sys

0xB8378000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xB86E1000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\atkdisp.dll

0xBD045000 \SystemRoot\System32\nv4_disp.dll

0xBD652000 \SystemRoot\System32\ATMFD.DLL

0xB4353000 \SystemRoot\system32\DRIVERS\AegisP.sys

0xB4347000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB40BA000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xB85C0000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xB83A8000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

0xB4012000 \SystemRoot\system32\DRIVERS\srv.sys

0xB83B8000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys

0xB3FCA000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys

0xB3E25000 \SystemRoot\system32\drivers\wdmaud.sys

0xB43FF000 \SystemRoot\system32\drivers\sysaudio.sys

0xB3BDE000 \SystemRoot\System32\Drivers\HTTP.sys

0xB1EAC000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 30):

0 System Idle Process

4 System

812 C:\WINDOWS\system32\smss.exe

868 csrss.exe

892 C:\WINDOWS\system32\winlogon.exe

936 C:\WINDOWS\system32\services.exe

948 C:\WINDOWS\system32\lsass.exe

1116 C:\WINDOWS\system32\svchost.exe

1184 svchost.exe

1328 C:\WINDOWS\system32\svchost.exe

1484 svchost.exe

1560 svchost.exe

1844 C:\WINDOWS\system32\spoolsv.exe

1940 svchost.exe

364 wdfmgr.exe

1012 C:\WINDOWS\explorer.exe

1396 alg.exe

1704 C:\WINDOWS\system32\rundll32.exe

256 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

356 C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

380 C:\WINDOWS\RTHDCPL.EXE

2040 C:\Program Files\Winamp\winampa.exe

588 C:\Program Files\AVG\AVG10\avgtray.exe

796 C:\Program Files\Common Files\Java\Java Update\jusched.exe

600 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

1288 C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe

2380 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

3504 wmiprvse.exe

2580 C:\WINDOWS\system32\wuauclt.exe

2720 C:\Documents and Settings\mike\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-23JNA1, Rev: 06.01C06

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

[ihateviruses2009]

RkU Version: 3.8.389.593, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #4

==============================================

>Drivers

==============================================

0xB7387000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )

0xBD045000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )

0xB49E1000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6131712 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2154496 bytes

0x804D7000 RAW 2154496 bytes

0x804D7000 WMIxWDM 2154496 bytes

0xBF800000 Win32k 1859584 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xB7E5B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xB4773000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB7223000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xB48C5000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB4012000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBD652000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xB487E000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0xB3BDE000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB4737000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xBD012000 C:\WINDOWS\System32\atkdisp.dll 196608 bytes (ASUSTeK Computer Inc., ASUS Windows 2000/XP Display Driver)

0xB72F8000 C:\WINDOWS\system32\DRIVERS\RT2500.sys 192512 bytes (Ralink Technology Inc., RT2500 802.11g Wireless Adapter Driver)

0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB40BA000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB7E2E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB47E3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB734B000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xB4830000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xB4858000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xB4FE2000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB7327000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB72C1000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xB480E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E5000 ACPI_HAL 134400 bytes

0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB3FCA000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)

0xB7F11000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xB7E14000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB7F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB46F7000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xB7EE8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB72AA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xB5006000 C:\WINDOWS\system32\drivers\nvhda32.sys 86016 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)

0xB3E25000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB72E4000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xB7373000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xB491E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB7EFF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB7299000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xB50BB000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xB82E8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xB8178000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xB82B8000 C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 61440 bytes (Atheros Communications, Inc., Atheros AR813x/AR815x PCI-E Ethernet Controller ndis miniport driver)

0xB82F8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB43FF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xB81A8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xB82C8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xB8308000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xB81C8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xB8128000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xB8218000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xB82D8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xB8318000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xB8158000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xB80F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xB8148000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xB3E5A000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)

0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xB8238000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xB8288000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xB8138000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xB8208000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB8258000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xB8478000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xB83F8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xB8358000 C:\WINDOWS\system32\DRIVERS\AppleCharger.sys 28672 bytes

0xB8338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)

0xB8408000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xB8480000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xB8418000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xB8410000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xB8438000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xB83F0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xB8468000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xB83B8000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)

0xB83A8000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)

0xB8450000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xB8470000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xB8428000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xB8430000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xB8420000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xB8378000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xB4353000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)

0xB7DE0000 C:\WINDOWS\system32\drivers\asusgsb.sys 16384 bytes (ASUSTeK Computer Inc., ASUS Virtual Video Capture Device Driver)

0xB84C0000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)

0xB7DD0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xB4347000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xB84BC000 rseb.sys 16384 bytes (Ralink Technology Inc., Ralink Ethernet Bridge Driver)

0xB7DE8000 C:\WINDOWS\system32\drivers\atkkbnt.sys 12288 bytes (ASUSTeK COMPUTER INC., ASUS Help driver For Keyboard Service.)

0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xB720B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xB4FC2000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xB4FBE000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xB7DDC000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xB7203000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB7DE4000 C:\WINDOWS\System32\Drivers\Video3D32.sys 12288 bytes (ASUSTeK COMPUTER INC., ASUS Video3D driver)

0xB85E6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xB8650000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xB85E4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xB85E8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xB85C0000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xB85EA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xB85D6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xB85DC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xB876A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xB86E1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xB86D9000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

==============================================

>Files

==============================================

!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat

!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat

!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\VikPev00

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3198844952

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\click.tlb

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\loader.tlb

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\L\koqhmjoz

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@00000001

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@000000c0

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@000000cb

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@000000cf

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@80000000

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@800000c0

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@800000cb

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@800000cf

!-->[Hidden] C:\WINDOWS\$NtUninstallKB3055$\3272226586\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]

tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB4904428-->B84BD508 [rseb.sys]

tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB4904454-->B84BD556 [rseb.sys]

tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB4904460-->B84BD823 [rseb.sys]

wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB825DB4C-->B84BD508 [rseb.sys]

wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xB825DB1C-->B84BD883 [rseb.sys]

wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB825DB3C-->B84BD556 [rseb.sys]

wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB825DB28-->B84BD823 [rseb.sys]

[1012]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]

[1012]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]

[1012]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]

[1012]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]

[1012]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]

[1012]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]

[1012]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x771B1248-->5CB77774 [shimeng.dll]

[1012]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]

[D-FRED-BROWN]

Little more to do :

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::

C:\WINDOWS\$NtUninstallKB3055$\3198844952

C:\WINDOWS\$NtUninstallKB3055$\3272226586

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

[ihateviruses2009]

still got "windows cannot access the specified device, path of file" on anti malwarebytes.

ComboFix 11-07-22.02 - mike 25/07/2011 17:37:31.3.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1359 [GMT 1:00]

Running from: c:\documents and settings\mike\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\mike\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))

.

.

2011-07-24 22:44 . 2009-08-06 18:24 53472 -c--a-w- c:\windows\system32\dllcache\wuauclt.exe

2011-07-24 22:44 . 2009-08-06 18:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2011-07-24 22:38 . 2011-07-24 22:39 -------- d-----w- C:\jully2011 trash

2011-07-24 00:09 . 2011-07-24 00:09 -------- d-----w- C:\TDSSKiller_Quarantine

2011-07-22 23:05 . 2011-07-22 23:10 -------- d-----w- c:\windows\maxdrive

2011-07-22 17:16 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 17:16 . 2011-07-24 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-22 17:16 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 16:41 . 2011-07-07 12:28 520496 ----a-w- c:\windows\Listdlls.exe

2011-07-22 16:41 . 2011-05-17 11:48 423288 ----a-w- c:\windows\handle.exe

2011-07-19 23:06 . 2011-07-19 23:06 -------- d-----w- c:\program files\Trend Micro

2011-07-19 22:33 . 2011-07-19 22:33 -------- d--h--w- c:\windows\PIF

2011-07-19 22:24 . 2011-07-19 22:24 -------- d-----w- c:\documents and settings\Administrator

2011-07-19 22:23 . 2011-07-22 15:57 56416 --sha-w- c:\windows\system32\c_47991.nl_

2011-07-19 17:22 . 2011-07-19 17:22 -------- d-----w- c:\program files\VSTplugins

2011-07-19 17:22 . 2011-07-19 17:22 -------- d-----w- c:\documents and settings\mike\Application Data\Publish Providers

2011-07-19 16:54 . 2011-07-19 16:54 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\Babylon

2011-07-19 16:54 . 2011-07-19 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2011-07-19 16:54 . 2011-07-19 16:54 -------- d-----w- c:\documents and settings\mike\Application Data\Babylon

2011-07-19 16:53 . 2011-07-19 16:53 71680 --sha-r- c:\windows\system32\ctl3d32D.dll

2011-07-18 23:36 . 2011-07-18 23:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}

2011-07-18 23:33 . 2011-07-18 23:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DCC412E7-393B-4016-91FB-9307F059AFB6}

2011-07-18 23:33 . 2011-07-18 23:33 -------- d-----w- c:\program files\Common Files\Native Instruments

2011-07-18 23:32 . 2011-07-18 23:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

2011-07-18 23:32 . 2011-07-18 23:33 -------- d-----w- c:\program files\Native Instruments

2011-07-18 23:32 . 2011-07-18 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments

2011-07-08 16:02 . 2011-07-08 16:02 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-07-08 16:02 . 2011-07-08 16:02 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-07-07 21:23 . 2011-07-07 21:23 -------- d-----w- c:\program files\Audacity

2011-06-29 20:46 . 2011-06-29 20:47 -------- d-----w- c:\program files\Ahead

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-19 14:35 . 2011-04-01 22:40 17488 ----a-w- c:\windows\gdrv.sys

2011-06-02 14:02 . 2008-04-14 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2011-04-01 17:26 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2008-04-14 09:42 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2008-04-14 04:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 16:02 . 2011-04-02 11:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-24_02.15.04 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-17 00:49 . 2011-07-24 01:43 67516 c:\windows\system32\perfc009.dat

+ 2004-08-17 00:49 . 2011-07-25 14:51 67516 c:\windows\system32\perfc009.dat

+ 2004-08-17 00:49 . 2011-07-25 14:51 432686 c:\windows\system32\perfh009.dat

- 2004-08-17 00:49 . 2011-07-24 01:43 432686 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]

2009-11-07 00:07 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-05-30 10:33 2495816 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"iBryte playbryte Desktop"="c:\program files\iBryte\playbryte\ibrytedesktop.exe" [2011-06-16 167936]

"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

GN-WPKG Utility.lnk - c:\program files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe [2011-4-2 524288]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\iBryte\\playbryte\\ibrytedesktop.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISDM.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe"=

"c:\\Documents and Settings\\mike\\Desktop\\TDSSKiller.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgui.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]

R0 rseb;rseb;c:\windows\system32\drivers\rseb.sys [02/04/2011 11:56 15266]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [01/04/2011 23:38 19496]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 04:12 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 13:19 297168]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 15:23 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 15:23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 15:23 27216]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/04/2011 23:38 44032]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [01/04/2011 23:16 91496]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]

S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]

S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe --> c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [?]

S2 ES lite Service;ES lite Service for program management.;"c:\program files\Gigabyte\EasySaver\ESSVR.EXE" --> c:\program files\Gigabyte\EasySaver\ESSVR.EXE [?]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe --> c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01/04/2011 23:37 1691480]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [02/04/2011 23:28 1025352]

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-17 c:\windows\Tasks\DriverNavigator Scheduled Scan.job

- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-04-17 10:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Free YouTube Download - c:\documents and settings\mike\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\w30ljmvk.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d97a32a&v=7.005.030.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-25 17:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\$NtUninstallKB3055$:SummaryInformation 0 bytes hidden from API

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\wdfmgr.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

.

**************************************************************************

.

Completion time: 2011-07-25 17:43:37 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-25 16:43

ComboFix2.txt 2011-07-24 22:51

ComboFix3.txt 2011-07-24 02:16

.

Pre-Run: 56,408,498,176 bytes free

Post-Run: 56,397,725,696 bytes free

.

- - End Of File - - 54C543BF2E945E132427E81AF5E8EE2C

[D-FRED-BROWN]

Please do the following:

• Download GMER from here. Save it to your Desktop. Take note of the filename, as it is a randomly named .exe file.
• Disconnect from the Internet and close all running programs while scan is running.
• Make sure all antivirus and other real-time security programs are disabled. See here for directions.
• Double-click on the downloaded file to start the program. (If running Vista or Win 7, right click on it and Run as an Administrator)
• If possible rootkit activity is found, you will be asked if you would like to perform a full scan.-->Click on NO, then use the following settings for a more complete scan:
  
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

  [*]Click the Scan button to begin. (Please be patient: this can take some time.[*]When the scan is finished, click Save and type in gmer.txt and save to Desktop and copy/paste the contents in your next reply.

Note!: These types of scans can produce false positives. Do not take any action until a trained helper has seen the log.

----------

Please do the following:

• Please download aswMBR.exe from here and save it to your Desktop.
  
• Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  
• Click Scan
  
• Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  
• This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

[ihateviruses2009]

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-07-25 23:42:42

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-23JNA1 rev.06.01C06

Running: f7wcitr3.exe; Driver: C:\DOCUME~1\mike\LOCALS~1\Temp\ugwyrfob.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB3055$\3198844952 0 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586 0 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\click.tlb 2144 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\L 0 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\L\koqhmjoz 64512 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\loader.tlb 2540 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\U 0 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@00000001 54368 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@000000c0 2560 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@000000cb 2048 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@000000cf 1536 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@80000000 24576 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@800000c0 33280 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@800000cb 27648 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\U\@800000cf 27648 bytes

File C:\WINDOWS\$NtUninstallKB3055$\3272226586\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes

---- EOF - GMER 1.0.15 ----