Win32/Olmarik Trojan
04-06-2011, 19:32
Post: #1
Win32/Olmarik Trojan
Hi

I'm new to all of this. My Nod32 picks up a Win32/Olmarik trojan but no matter what I do I cannot get rid of it. Please help.
05-06-2011, 08:11
Post: #2
RE: Win32/Olmarik Trojan
Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

05-06-2011, 11:52
Post: #3
RE: Win32/Olmarik Trojan
This is the log file from Malwarebytes

Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Database version: 6705

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/5/2011 11:48:42 AM
mbam-log-2011-06-05 (11-48-42).txt

Scan type: Quick scan
Objects scanned: 145267
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



This is the file from HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:54 AM, on 6/5/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6361C21-9F70-4950-9E3A-0D8EBDDF7099}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 4789 bytes
05-06-2011, 12:20
Post: #4
RE: Win32/Olmarik Trojan
Hi,

Quote: Database version: 6705

This database version is outdated. It's currently version 6774, so please update and do a new scan.

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix...e-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

05-06-2011, 22:16
Post: #6
RE: Win32/Olmarik Trojan
Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Database version: 6775

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/5/2011 10:02:35 PM
mbam-log-2011-06-05 (22-02-35).txt

Scan type: Quick scan
Objects scanned: 144871
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 11-06-05.02 - dean 06/05/2011 21:32:01.1.4 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2568 [GMT 2:00]
Running from: c:\users\dean\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\csc.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_9e1e9f0abd3adf87\csc.sys
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 )))))))))))))))))))))))))))))))
.
.
2011-06-05 19:36 . 2011-06-05 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-05 09:13 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 09:12 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 08:13 . 2011-06-05 08:13 388096 ----a-r- c:\users\dean\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-05 08:13 . 2011-06-05 08:13 -------- d-----w- c:\program files\Trend Micro
2011-06-05 04:15 . 2011-05-24 17:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1A71DC8-5BBB-470B-8AD5-966E1C50305C}\mpengine.dll
2011-06-03 14:09 . 2011-06-03 14:09 -------- d-----w- c:\programdata\Vodafone
2011-06-03 14:09 . 2011-06-03 14:09 -------- d-----w- c:\program files\Vodafone
2011-06-01 19:56 . 2011-06-01 19:56 -------- d-----w- c:\users\dean\AppData\Local\Activision
2011-06-01 19:47 . 2007-03-05 10:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2011-06-01 19:42 . 2011-06-01 19:42 -------- d-----w- c:\program files\Activision
2011-06-01 16:27 . 2011-06-01 16:27 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-01 16:27 . 2011-06-01 16:27 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-06-01 16:27 . 2011-06-01 19:41 -------- d-----w- c:\users\dean\AppData\Roaming\DAEMON Tools Lite
2011-06-01 16:27 . 2011-06-01 16:27 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-06-01 15:10 . 2011-06-01 15:16 -------- d-----w- c:\program files\MSI Afterburner
2011-06-01 15:10 . 2011-06-01 15:10 -------- d-----w- c:\users\dean\AppData\Roaming\ATI
2011-06-01 15:10 . 2011-06-01 15:10 -------- d-----w- c:\users\dean\AppData\Local\ATI
2011-06-01 15:10 . 2011-06-01 15:10 -------- d-----w- c:\programdata\ATI
2011-06-01 15:09 . 2011-06-01 15:09 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-01 15:04 . 2011-06-01 15:04 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-06-01 15:04 . 2010-09-24 12:46 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2011-06-01 15:02 . 2010-11-18 09:59 52736 ----a-w- c:\windows\system32\coinst.dll
2011-06-01 15:02 . 2010-11-18 10:27 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-06-01 15:01 . 2011-06-01 15:05 -------- d-----w- c:\program files\ATI Technologies
2011-06-01 15:01 . 2011-06-01 15:01 -------- d-----w- c:\program files\ATI
2011-06-01 05:47 . 2011-06-01 05:47 -------- d-----w- c:\users\dean\AppData\Local\Apps
2011-05-27 15:47 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 20:14 . 2011-05-25 20:14 -------- d-----w- c:\users\dean\AppData\Roaming\Malwarebytes
2011-05-25 20:13 . 2011-05-25 20:13 -------- d-----w- c:\programdata\Malwarebytes
2011-05-25 20:13 . 2011-06-05 09:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-24 15:43 . 2011-05-28 01:19 -------- d-----w- c:\program files\CCleaner
2011-05-23 09:38 . 2011-05-23 09:38 -------- d-----w- c:\users\dean\AppData\Local\ESET
2011-05-22 09:14 . 2011-05-22 09:14 -------- d-----w- c:\users\dean\AppData\Roaming\Research In Motion
2011-05-22 09:12 . 2011-05-22 09:12 -------- d-----w- c:\programdata\Research In Motion
2011-05-22 09:12 . 2011-05-22 09:12 -------- d-----w- c:\program files\Research In Motion
2011-05-22 08:32 . 2011-05-22 09:12 -------- d-----w- c:\program files\Common Files\Research In Motion
2011-05-20 14:50 . 2011-05-22 09:14 -------- d-----w- c:\users\dean\AppData\Local\Research In Motion
2011-05-20 14:47 . 2009-01-09 14:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2011-05-11 21:14 . 2011-05-11 21:14 -------- d-----w- c:\users\dean\AppData\Local\ElevatedDiagnostics
2011-05-11 21:14 . 2011-05-11 03:22 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-05-11 21:14 . 2011-05-11 21:14 315392 ----a-w- c:\windows\HideWin.exe
2011-05-11 21:13 . 2006-02-07 22:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-05-11 21:13 . 2006-02-07 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-05-11 21:13 . 2006-02-07 22:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-05-11 21:13 . 2006-02-07 22:39 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-05-11 21:13 . 2006-02-07 22:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-05-11 21:13 . 2011-05-11 21:13 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-05-11 21:13 . 2011-05-11 21:13 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-05-11 21:13 . 2011-05-11 21:18 16608 ----a-w- c:\windows\gdrv.sys
2011-05-11 20:28 . 2008-01-07 12:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2011-05-11 20:25 . 2011-05-28 01:18 -------- d-----w- c:\program files\ESET
2011-05-11 03:21 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 03:19 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 03:19 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 03:19 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 03:19 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 03:19 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 03:19 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 03:19 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 03:19 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-06 22:07 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-05-06 22:07 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-05-06 22:06 . 2011-05-06 22:06 -------- d-----w- c:\program files\Microsoft Works
2011-05-06 22:05 . 2011-05-06 22:05 -------- d-----w- c:\windows\PCHEALTH
2011-05-06 22:03 . 2011-05-06 22:03 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-05-06 22:02 . 2011-05-06 22:02 -------- d-----w- c:\users\dean\AppData\Local\Microsoft Help
2011-05-06 22:02 . 2011-05-06 22:07 -------- d-----w- c:\programdata\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 19:37 . 2011-05-04 15:33 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2011-05-24 17:14 . 2011-05-04 15:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-05 00:04 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-04 23:55 . 2011-05-04 23:55 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-04 23:55 . 2011-05-04 23:55 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-04 23:55 . 2011-05-04 23:55 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-04 23:55 . 2011-05-04 23:55 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-04 23:55 . 2011-05-04 23:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-04 23:55 . 2011-05-04 23:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-04 23:55 . 2011-05-04 23:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-04 23:55 . 2011-05-04 23:55 367104 ----a-w- c:\windows\system32\html.iec
2011-05-04 23:55 . 2011-05-04 23:55 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-04 23:55 . 2011-05-04 23:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-04 23:55 . 2011-05-04 23:55 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-04 23:55 . 2011-05-04 23:55 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-05-04 23:55 . 2011-05-04 23:55 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-04 23:55 . 2011-05-04 23:55 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-04 23:55 . 2011-05-04 23:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-04 23:55 . 2011-05-04 23:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-04 23:55 . 2011-05-04 23:55 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-04 23:55 . 2011-05-04 23:55 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-04 23:55 . 2011-05-04 23:55 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-04 23:55 . 2011-05-04 23:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-04 23:55 . 2011-05-04 23:55 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-02 19:32 . 2011-05-02 19:32 737280 ----a-w- c:\windows\iun6002.exe
2011-03-12 11:23 . 2011-05-02 04:41 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:39 . 2011-05-02 04:46 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:39 . 2011-05-02 04:46 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:39 . 2011-05-02 04:46 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:39 . 2011-05-02 04:46 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:38 . 2011-05-02 04:46 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:38 . 2011-05-02 04:46 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:38 . 2011-05-02 04:46 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:33 . 2011-05-02 04:37 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-05-02 04:37 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33 . 2011-05-02 04:46 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31 . 2011-05-02 04:46 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:28 . 2011-05-02 04:46 741376 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-02 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-02 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-01 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-18 176128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 93312]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-18 6568960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-18 229888]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-24 102416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.za/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{B6361C21-9F70-4950-9E3A-0D8EBDDF7099}: NameServer = 192.168.0.1
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD1600JS-55NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86B42AC8]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8771a7f8; SUB DWORD [EBP-0x4], 0x8771a100; PUSH EDI; CALL 0xffffffffffffe127; }
1 ntkrnlpa!IofCallDriver[0x8304952F] -> \Device\Harddisk0\DR0[0x865DB820]
3 CLASSPNP[0x8B78959E] -> ntkrnlpa!IofCallDriver[0x8304952F] -> [0x860C07E0]
5 ACPI[0x8B21F3D4] -> ntkrnlpa!IofCallDriver[0x8304952F] -> \IdeDeviceP3T0L0-3[0x860DB330]
[0x867C64D0] -> IRP_MJ_CREATE -> 0x86B42AC8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-3 -> \??\IDE#DiskWDC_WD1600JS-55NCB1_____________________10.02E01#5&2aa92c33&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312579693 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-06-05 21:44:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-05 19:44
.
Pre-Run: 128,317,829,120 bytes free
Post-Run: 128,325,697,536 bytes free
.
- - End Of File - - 183FD58512C9CE6B9871922B94CDA184
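The Gmer section of the ComboFix log above ends in "user != kernel MBR !!!": the detector reads sector 0 once through the normal user-mode path and once through a call that bypasses the driver stack a rootkit may have hooked, and the two copies disagree. The following is an added example, not part of this thread and not Gmer's or ComboFix's own code, that performs the same comparison on two constructed 512-byte sectors. The raw disk reads themselves are not shown (they need device access on Windows); `USER_VIEW` and `KERNEL_VIEW` are stand-in byte strings built inline, the clean bootstrap prologue is the same instruction sequence the Gmer disassembly in the log shows, and treating the hook-bypassing read as ground truth is an assumption.

```python
"""Added example: the check behind Gmer's "user != kernel MBR" verdict.
Two 512-byte reads of sector 0 are parsed and compared. Sector images are
constructed; the low-level read is assumed to be ground truth."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446            # bytes 0..445: bootstrap code
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"        # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot code hash, partition entries and signature."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) LBA-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == SIGNATURE,
    }


def compare_mbr(user_view: bytes, kernel_view: bytes) -> dict:
    """Mirror the detector's user-vs-kernel comparison and classify the difference."""
    u, k = parse_mbr(user_view), parse_mbr(kernel_view)
    diff = [i for i in range(SECTOR) if user_view[i] != kernel_view[i]]
    boot_differs = u["boot_code_md5"] != k["boot_code_md5"]
    table_differs = u["partitions"] != k["partitions"]
    if not diff:
        verdict = "clean: both read paths return the same MBR"
    elif boot_differs and not table_differs:
        # Bootkit pattern: loader code swapped, partition table kept so the
        # OS still boots and the volumes still mount normally.
        verdict = "suspicious: boot code differs, partition table intact"
    else:
        verdict = "suspicious: partition table differs between read paths"
    return {
        "identical": not diff,
        "boot_code_differs": boot_differs,
        "partition_table_differs": table_differs,
        "first_diff_offset": diff[0] if diff else None,
        "diff_bytes": len(diff),
        "signature_ok": u["signature_ok"] and k["signature_ok"],
        "verdict": verdict,
    }


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed 512-byte MBR: boot code, up to 4 entries, 55AA."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if boot else 0x00, b"\xff\xff\xff",
                    ptype, b"\xff\xff\xff", start, count)
        for boot, ptype, start, count in partitions)
    table += b"\x00" * (64 - len(table))
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


# Constructed sample: the standard Windows 7 MBR prologue (the instructions the
# Gmer disassembly in the log shows) followed by zero padding.
CLEAN_BOOT = bytes.fromhex(
    "33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfbb90400bdbe07807e0000")
# Constructed stand-in for a replaced loader: different bytes, same slot.
ROGUE_BOOT = bytes.fromhex("eb1e90") + b"\x90" * 40
# Constructed partition table: System Reserved + Windows volume (type 0x07).
PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 312372845)]
USER_VIEW = build_mbr(CLEAN_BOOT, PARTS)      # what a normal read returns
KERNEL_VIEW = build_mbr(ROGUE_BOOT, PARTS)    # what a hook-bypassing read returns


def demo() -> dict:
    """Run the comparison on the constructed views."""
    return compare_mbr(USER_VIEW, KERNEL_VIEW)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On the constructed input the verdict is "boot code differs, partition table intact", which is the shape of the finding in the log: the disk still boots Windows from the same partition table, but the loader that runs first is not the one a user-mode read shows. The log's "sectors 312579693 (+255): user != kernel" line reports the same kind of mismatch for 255 sectors starting at that LBA, which the identical byte-for-byte comparison applied to those sectors would catch.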
05-06-2011, 22:24 (This post was last edited on 05-06-2011 at 22:24 by miekiemoes.)
Post: #7
RE: Win32/Olmarik Trojan
Hi,

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue. [Image: tdsskiller2.png]
  • If a suspicious file is detected, the default action will be Skip; click on Continue. [Image: tdsskiller3.png]
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
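The reply asks for the TDSSKiller log to be pasted back. That log lists every scanned driver with its MD5 and path, and marks the interesting ones with a "Suspicious file (Forged): ... Real md5: ..., Fake md5: ..." line followed by a "<service> - detected <verdict>" line. The following is an added example, not part of this thread and not TDSSKiller's own code, that pulls those findings out of a log and joins them to the driver record they belong to. The sample lines are copied from the log posted in reply to these instructions; reading "Real md5" as the content found by the tool's low-level read and "Fake md5" as what the normal file read returns is an assumption about the tool's wording.

```python
"""Added example: triage a TDSSKiller log by extracting the forged-file and
detection lines and correlating them with the scanned-driver entries.
Sample log lines are taken from the log posted in this thread."""
import re
from dataclasses import dataclass

# "<timestamp> <pid> <message>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (Forged): <path>. Real md5: <md5>, Fake md5: <md5>"
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
# "<service> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")


@dataclass
class Finding:
    service: str
    path: str
    listed_md5: str
    real_md5: str = ""      # assumed: hash of what the low-level read returned
    fake_md5: str = ""      # assumed: hash of what the normal read path returns
    verdict: str = ""

    @property
    def hidden_modification(self) -> bool:
        """True when the two read paths see different file content."""
        return bool(self.real_md5) and self.real_md5 != self.fake_md5


def triage(log_text: str) -> list:
    """Return only the drivers that were flagged as forged or detected."""
    drivers = {}            # service name -> Finding for every scanned driver
    by_path = {}            # lower-cased path -> service name
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if d := DRIVER_RE.match(msg):
            svc, md5, path = d.groups()
            drivers[svc] = Finding(svc, path, md5)
            by_path[path.lower()] = svc
        elif f := FORGED_RE.match(msg):
            path, real, fake = f.groups()
            svc = by_path.get(path.lower())
            if svc:
                drivers[svc].real_md5, drivers[svc].fake_md5 = real, fake
        elif v := DETECT_RE.match(msg):
            svc, verdict, _ = v.groups()
            if svc in drivers:
                drivers[svc].verdict = verdict
    return [f for f in drivers.values() if f.verdict or f.hidden_modification]


# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/06/05 23:17:47.0364 3668 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/05 23:17:47.0489 3668 CSC (6e2b261c59f13de0a9e911068ad49311) C:\Windows\system32\drivers\csc.sys
2011/06/05 23:17:47.0489 3668 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: 6e2b261c59f13de0a9e911068ad49311, Fake md5: f8d6dcc6d75cad4fda9b2d4f17b750ce
2011/06/05 23:17:47.0504 3668 CSC - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/05 23:17:47.0598 3668 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
"""


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.service}: {finding.verdict or 'no verdict'}")
        print(f"  path:     {finding.path}")
        print(f"  real md5: {finding.real_md5}")
        print(f"  fake md5: {finding.fake_md5}")
        print(f"  hidden modification: {finding.hidden_modification}")
```

Run against the full log, this reduces a few hundred driver lines to the one entry that matters here: the CSC service (csc.sys) whose two hashes disagree and which carries the Rootkit.Win32.TDSS.tdl3 verdict. A driver that is flagged as forged but given no verdict would still be returned, because the hash mismatch alone means a normal read of that file cannot be trusted.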
06-06-2011, 07:24
Post: #8
RE: Win32/Olmarik Trojan
2011/06/05 23:17:25.0368 1736 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 23:17:25.0383 1736 ================================================================================
2011/06/05 23:17:25.0383 1736 SystemInfo:
2011/06/05 23:17:25.0383 1736
2011/06/05 23:17:25.0383 1736 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/05 23:17:25.0383 1736 Product type: Workstation
2011/06/05 23:17:25.0383 1736 ComputerName: DEAN-PC
2011/06/05 23:17:25.0383 1736 UserName: dean
2011/06/05 23:17:25.0383 1736 Windows directory: C:\Windows
2011/06/05 23:17:25.0383 1736 System windows directory: C:\Windows
2011/06/05 23:17:25.0383 1736 Processor architecture: Intel x86
2011/06/05 23:17:25.0383 1736 Number of processors: 4
2011/06/05 23:17:25.0383 1736 Page size: 0x1000
2011/06/05 23:17:25.0383 1736 Boot type: Normal boot
2011/06/05 23:17:25.0383 1736 ================================================================================
2011/06/05 23:17:31.0514 1736 Initialize success
2011/06/05 23:17:43.0963 3668 ================================================================================
2011/06/05 23:17:43.0963 3668 Scan started
2011/06/05 23:17:43.0963 3668 Mode: Manual;
2011/06/05 23:17:43.0963 3668 ================================================================================
2011/06/05 23:17:44.0462 3668 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/06/05 23:17:44.0540 3668 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/06/05 23:17:44.0634 3668 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/06/05 23:17:44.0696 3668 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/05 23:17:44.0743 3668 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/05 23:17:44.0774 3668 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/05 23:17:44.0852 3668 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/06/05 23:17:44.0915 3668 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/06/05 23:17:44.0993 3668 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/05 23:17:45.0133 3668 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/06/05 23:17:45.0180 3668 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/06/05 23:17:45.0211 3668 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/06/05 23:17:45.0242 3668 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/05 23:17:45.0445 3668 amdkmdag (fa4806ca5eb4e625723aaf9d4bb219e0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/05 23:17:45.0648 3668 amdkmdap (274abffcf3cfb7daf300a16011d6e893) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/05 23:17:45.0695 3668 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/05 23:17:45.0757 3668 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/06/05 23:17:45.0788 3668 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/05 23:17:45.0804 3668 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/06/05 23:17:45.0866 3668 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/06/05 23:17:45.0960 3668 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/05 23:17:45.0991 3668 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/05 23:17:46.0022 3668 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/05 23:17:46.0085 3668 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/06/05 23:17:46.0178 3668 AtiHDAudioService (c8b17ac82ad2ee9e0e58e3461008c5f7) C:\Windows\system32\drivers\AtihdW73.sys
2011/06/05 23:17:46.0256 3668 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/05 23:17:46.0350 3668 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/05 23:17:46.0443 3668 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/05 23:17:46.0490 3668 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/05 23:17:46.0537 3668 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/05 23:17:46.0553 3668 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/05 23:17:46.0568 3668 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/05 23:17:46.0615 3668 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/05 23:17:46.0646 3668 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/05 23:17:46.0662 3668 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/05 23:17:46.0677 3668 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/05 23:17:46.0709 3668 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/05 23:17:46.0927 3668 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/05 23:17:46.0989 3668 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/05 23:17:47.0036 3668 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/05 23:17:47.0083 3668 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/05 23:17:47.0130 3668 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/05 23:17:47.0177 3668 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/06/05 23:17:47.0239 3668 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/05 23:17:47.0270 3668 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/05 23:17:47.0333 3668 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/06/05 23:17:47.0364 3668 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/05 23:17:47.0489 3668 CSC (6e2b261c59f13de0a9e911068ad49311) C:\Windows\system32\drivers\csc.sys
2011/06/05 23:17:47.0489 3668 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: 6e2b261c59f13de0a9e911068ad49311, Fake md5: f8d6dcc6d75cad4fda9b2d4f17b750ce
2011/06/05 23:17:47.0504 3668 CSC - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/05 23:17:47.0598 3668 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/06/05 23:17:47.0645 3668 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/05 23:17:47.0691 3668 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/05 23:17:47.0769 3668 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/05 23:17:47.0832 3668 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/06/05 23:17:47.0894 3668 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/05 23:17:47.0972 3668 eamon (d4f94d45e25d764462a5b95bc426c8d0) C:\Windows\system32\DRIVERS\eamon.sys
2011/06/05 23:17:48.0128 3668 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/05 23:17:48.0315 3668 ehdrv (9456462c1425d2bbf1616edabfaba5f4) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/06/05 23:17:48.0425 3668 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/05 23:17:48.0456 3668 epfwwfpr (32102f2c07182523b1390c2d9341e397) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2011/06/05 23:17:48.0518 3668 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/06/05 23:17:48.0565 3668 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/05 23:17:48.0581 3668 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/05 23:17:48.0612 3668 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/05 23:17:48.0643 3668 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/05 23:17:48.0674 3668 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/05 23:17:48.0690 3668 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/05 23:17:48.0721 3668 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/05 23:17:48.0752 3668 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/05 23:17:48.0768 3668 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/05 23:17:48.0877 3668 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/05 23:17:48.0939 3668 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/05 23:17:49.0033 3668 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\Windows\gdrv.sys
2011/06/05 23:17:49.0049 3668 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/05 23:17:49.0127 3668 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/06/05 23:17:49.0158 3668 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/05 23:17:49.0189 3668 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/05 23:17:49.0205 3668 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/05 23:17:49.0376 3668 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/05 23:17:49.0657 3668 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/05 23:17:49.0813 3668 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/05 23:17:49.0891 3668 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/06/05 23:17:49.0969 3668 hwdatacard (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/06/05 23:17:50.0031 3668 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/05 23:17:50.0094 3668 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/06/05 23:17:50.0172 3668 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/06/05 23:17:50.0406 3668 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/05 23:17:50.0655 3668 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/05 23:17:50.0780 3668 IntcAzAudAddService (7374c8a1e7efbf15a2c2a681f3ef0c69) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/05 23:17:50.0858 3668 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/06/05 23:17:50.0889 3668 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/05 23:17:50.0921 3668 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/05 23:17:50.0967 3668 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/06/05 23:17:50.0999 3668 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/05 23:17:51.0077 3668 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/05 23:17:51.0186 3668 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/06/05 23:17:51.0248 3668 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/06/05 23:17:51.0295 3668 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/05 23:17:51.0357 3668 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/05 23:17:51.0420 3668 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/05 23:17:51.0467 3668 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/05 23:17:51.0529 3668 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/05 23:17:51.0576 3668 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/05 23:17:51.0591 3668 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/05 23:17:51.0607 3668 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/05 23:17:51.0638 3668 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/05 23:17:51.0669 3668 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/05 23:17:51.0701 3668 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/05 23:17:51.0779 3668 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/05 23:17:51.0825 3668 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/05 23:17:51.0841 3668 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/05 23:17:51.0903 3668 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/06/05 23:17:51.0966 3668 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/05 23:17:52.0028 3668 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/06/05 23:17:52.0075 3668 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/06/05 23:17:52.0106 3668 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/05 23:17:52.0169 3668 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/06/05 23:17:52.0215 3668 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/05 23:17:52.0247 3668 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/05 23:17:52.0262 3668 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/05 23:17:52.0278 3668 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/06/05 23:17:52.0340 3668 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/06/05 23:17:52.0434 3668 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/05 23:17:52.0449 3668 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/05 23:17:52.0527 3668 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/06/05 23:17:52.0605 3668 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/05 23:17:52.0621 3668 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/05 23:17:52.0637 3668 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/05 23:17:52.0668 3668 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/05 23:17:52.0699 3668 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/06/05 23:17:52.0730 3668 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/05 23:17:52.0746 3668 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/05 23:17:52.0761 3668 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/05 23:17:52.0808 3668 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/05 23:17:52.0871 3668 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/06/05 23:17:52.0949 3668 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/05 23:17:52.0980 3668 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/05 23:17:53.0027 3668 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/05 23:17:53.0089 3668 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/05 23:17:53.0151 3668 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/06/05 23:17:53.0198 3668 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/05 23:17:53.0261 3668 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/05 23:17:53.0339 3668 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/05 23:17:53.0370 3668 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/05 23:17:53.0385 3668 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/05 23:17:53.0479 3668 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/06/05 23:17:53.0526 3668 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/05 23:17:53.0666 3668 NVHDA (96c27791d5ae5c77e37c61b15112e38d) C:\Windows\system32\drivers\nvhda32v.sys
2011/06/05 23:17:53.0760 3668 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/06/05 23:17:53.0775 3668 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/06/05 23:17:53.0807 3668 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/06/05 23:17:53.0869 3668 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/06/05 23:17:53.0963 3668 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/05 23:17:54.0009 3668 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/06/05 23:17:54.0072 3668 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/05 23:17:54.0103 3668 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/06/05 23:17:54.0165 3668 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/06/05 23:17:54.0181 3668 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/05 23:17:54.0212 3668 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/05 23:17:54.0259 3668 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/05 23:17:54.0415 3668 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/05 23:17:54.0446 3668 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/05 23:17:54.0493 3668 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/05 23:17:54.0540 3668 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/05 23:17:54.0633 3668 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/05 23:17:54.0649 3668 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/05 23:17:54.0680 3668 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/05 23:17:54.0727 3668 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/05 23:17:54.0758 3668 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/05 23:17:54.0789 3668 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/05 23:17:54.0805 3668 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/05 23:17:54.0867 3668 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/05 23:17:54.0945 3668 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/05 23:17:55.0008 3668 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/05 23:17:55.0070 3668 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/06/05 23:17:55.0148 3668 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/05 23:17:55.0164 3668 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/05 23:17:55.0242 3668 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/06/05 23:17:55.0304 3668 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/06/05 23:17:55.0413 3668 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/06/05 23:17:55.0491 3668 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
2011/06/05 23:17:55.0538 3668 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/06/05 23:17:55.0585 3668 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
2011/06/05 23:17:55.0710 3668 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/05 23:17:55.0772 3668 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/06/05 23:17:55.0835 3668 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/06/05 23:17:55.0913 3668 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/06/05 23:17:55.0959 3668 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/05 23:17:56.0006 3668 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/05 23:17:56.0069 3668 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/05 23:17:56.0084 3668 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/05 23:17:56.0147 3668 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/05 23:17:56.0209 3668 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/06/05 23:17:56.0240 3668 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/05 23:17:56.0256 3668 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/05 23:17:56.0318 3668 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/05 23:17:56.0427 3668 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/06/05 23:17:56.0443 3668 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/05 23:17:56.0459 3668 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/05 23:17:56.0490 3668 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/05 23:17:56.0568 3668 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/05 23:17:56.0646 3668 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/06/05 23:17:56.0677 3668 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/05 23:17:56.0739 3668 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/05 23:17:56.0786 3668 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/05 23:17:56.0849 3668 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/06/05 23:17:56.0880 3668 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/06/05 23:17:56.0927 3668 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/06/05 23:17:57.0145 3668 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/06/05 23:17:57.0239 3668 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/05 23:17:57.0301 3668 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/05 23:17:57.0363 3668 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/06/05 23:17:57.0379 3668 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/06/05 23:17:57.0426 3668 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/05 23:17:57.0457 3668 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/06/05 23:17:57.0551 3668 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/05 23:17:57.0597 3668 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/06/05 23:17:57.0691 3668 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/05 23:17:57.0738 3668 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/05 23:17:57.0847 3668 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/05 23:17:58.0019 3668 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/05 23:17:58.0112 3668 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/06/05 23:17:58.0159 3668 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/05 23:17:58.0221 3668 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/05 23:17:58.0299 3668 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/06/05 23:17:58.0331 3668 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/05 23:17:58.0362 3668 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/05 23:17:58.0377 3668 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/05 23:17:58.0409 3668 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/05 23:17:58.0455 3668 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/05 23:17:58.0518 3668 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/05 23:17:58.0565 3668 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/05 23:17:58.0627 3668 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/05 23:17:58.0643 3668 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/05 23:17:58.0705 3668 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/06/05 23:17:58.0783 3668 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/06/05 23:17:58.0799 3668 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/05 23:17:58.0830 3668 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/06/05 23:17:58.0877 3668 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/06/05 23:17:58.0923 3668 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/06/05 23:17:59.0001 3668 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/06/05 23:17:59.0033 3668 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/05 23:17:59.0064 3668 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/06/05 23:17:59.0111 3668 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/05 23:17:59.0126 3668 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/06/05 23:17:59.0157 3668 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/05 23:17:59.0235 3668 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 23:17:59.0251 3668 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 23:17:59.0313 3668 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/05 23:17:59.0345 3668 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/05 23:17:59.0454 3668 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/05 23:17:59.0469 3668 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/05 23:17:59.0610 3668 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/05 23:17:59.0657 3668 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/05 23:17:59.0719 3668 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/06/05 23:17:59.0797 3668 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/05 23:17:59.0844 3668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/06/05 23:17:59.0859 3668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/05 23:17:59.0875 3668 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
2011/06/05 23:17:59.0891 3668 ================================================================================
2011/06/05 23:17:59.0891 3668 Scan finished
2011/06/05 23:17:59.0891 3668 ================================================================================
2011/06/05 23:17:59.0906 2924 Detected object count: 1
2011/06/05 23:17:59.0906 2924 Actual detected object count: 1
2011/06/05 23:18:22.0932 2924 CSC (6e2b261c59f13de0a9e911068ad49311) C:\Windows\system32\drivers\csc.sys
2011/06/05 23:18:22.0932 2924 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: 6e2b261c59f13de0a9e911068ad49311, Fake md5: f8d6dcc6d75cad4fda9b2d4f17b750ce
2011/06/05 23:18:23.0790 2924 Backup copy found, using it..
2011/06/05 23:18:23.0790 2924 C:\Windows\system32\drivers\csc.sys - will be cured after reboot
2011/06/05 23:18:23.0790 2924 Rootkit.Win32.TDSS.tdl3(CSC) - User select action: Cure
2011/06/05 23:18:47.0549 3124 Deinitialize success
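The interesting lines in the TDSSKiller log above are the ones after "Scan finished": the scanner lists csc.sys with one MD5, then reports it as "Suspicious file (Forged)" with a "Real md5" and a different "Fake md5". Two different hashes for the same file, depending on how the scanner read it, is the tell of a disk-level filter such as TDL3 hiding the driver it infected. As an added example (my own code, not from this thread, from TDSSKiller or from Kaspersky), the following Python script parses log lines of this shape and pulls out what a responder wants from such a run: forged-file findings with both hashes, the verdict and chosen action, and the MBR hash per disk. The sample lines are copied from the log posted above; the line-format regexes and the helper names (`parse_tdsskiller_log`, `check_forged`, `mbr_hash_groups`, `summarize`) are my assumptions about the format, not an official specification.

```python
import re

# Constructed sample: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/06/05 23:17:59.0797 3668 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/05 23:17:59.0844 3668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/06/05 23:17:59.0859 3668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/05 23:17:59.0875 3668 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
2011/06/05 23:17:59.0906 2924 Detected object count: 1
2011/06/05 23:18:22.0932 2924 CSC (6e2b261c59f13de0a9e911068ad49311) C:\Windows\system32\drivers\csc.sys
2011/06/05 23:18:22.0932 2924 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: 6e2b261c59f13de0a9e911068ad49311, Fake md5: f8d6dcc6d75cad4fda9b2d4f17b750ce
2011/06/05 23:18:23.0790 2924 C:\Windows\system32\drivers\csc.sys - will be cured after reboot
2011/06/05 23:18:23.0790 2924 Rootkit.Win32.TDSS.tdl3(CSC) - User select action: Cure
"""

# Assumed line layout: "<date> <time> <thread id> <body>". The body is one of several shapes.
HEADER = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
MBR_RE = re.compile(r"^MBR \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<device>\S+)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
VERDICT_RE = re.compile(r"^(?P<detection>[\w.]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")


def parse_tdsskiller_log(text):
    """Split a TDSSKiller log into driver listings, MBR records, forged-file findings and verdicts."""
    report = {"drivers": {}, "mbr": {}, "forged": [], "verdicts": [], "other": []}
    for raw in text.strip().splitlines():
        m = HEADER.match(raw.strip())
        if not m:
            continue  # blank or banner line ("====")
        body = m.group("body")
        if (mb := MBR_RE.match(body)):
            report["mbr"][mb.group("device")] = mb.group("md5")
        elif (f := FORGED_RE.match(body)):
            report["forged"].append(
                {"path": f.group("path"), "real": f.group("real"), "fake": f.group("fake"), "tid": m.group("tid")}
            )
        elif (v := VERDICT_RE.match(body)):
            report["verdicts"].append(
                {"detection": v.group("detection"), "name": v.group("name"), "action": v.group("action")}
            )
        elif (d := DRIVER_RE.match(body)):
            # Key by lower-cased path: the log mixes "drivers" and "DRIVERS" in paths.
            report["drivers"][d.group("path").lower()] = {"name": d.group("name"), "md5": d.group("md5")}
        else:
            report["other"].append(body)
    return report


def check_forged(report):
    """Cross-check each forged finding against the driver listing.

    The "real" hash should be the one TDSSKiller listed for the same path, and the
    "fake" hash must differ from it; a finding where they agree would be a parser
    or log error rather than a hidden modification.
    """
    results = []
    for entry in report["forged"]:
        listed = report["drivers"].get(entry["path"].lower())
        results.append({
            "path": entry["path"],
            "listed_matches_real": listed is not None and listed["md5"] == entry["real"],
            "fake_differs": entry["fake"] != entry["real"],
        })
    return results


def mbr_hash_groups(report):
    """Group disks by MBR hash. This only groups; different disks legitimately carry
    different boot code, so a lone hash is a question for the analyst, not a verdict."""
    groups = {}
    for device, md5 in report["mbr"].items():
        groups.setdefault(md5, []).append(device)
    return {md5: sorted(devices) for md5, devices in groups.items()}


def summarize(report):
    """Counts a responder would put at the top of a ticket."""
    return {
        "drivers": len(report["drivers"]),
        "forged": len(report["forged"]),
        "mbr_devices": len(report["mbr"]),
        "verdicts": len(report["verdicts"]),
    }


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(rep))
    for finding in check_forged(rep):
        print("forged:", finding)
    print("mbr groups:", mbr_hash_groups(rep))
```

Run against the sample, the script reports one forged file whose listed hash equals the "real" hash and whose "fake" hash differs, one TDL3 verdict with action "Cure", and two disks sharing one MBR hash while the third differs. Feeding it the whole log rather than the excerpt gives the full driver inventory, which is handy for diffing a pre-cure and post-cure run.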
06-06-2011, 07:46
Post: #9
RE: Win32/Olmarik Trojan
Hi,

I assume you have rebooted in the meantime? Can you do another scan with TDSSKiller after the reboot and post the new log?

06-06-2011, 17:20
Post: #10
RE: Win32/Olmarik Trojan
It seems to have deleted it. Thank you very much.

2011/06/06 17:18:39.0446 2864 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/06 17:18:41.0446 2864 ================================================================================
2011/06/06 17:18:41.0447 2864 SystemInfo:
2011/06/06 17:18:41.0447 2864
2011/06/06 17:18:41.0447 2864 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/06 17:18:41.0447 2864 Product type: Workstation
2011/06/06 17:18:41.0447 2864 ComputerName: DEAN-PC
2011/06/06 17:18:41.0447 2864 UserName: dean
2011/06/06 17:18:41.0447 2864 Windows directory: C:\Windows
2011/06/06 17:18:41.0447 2864 System windows directory: C:\Windows
2011/06/06 17:18:41.0447 2864 Processor architecture: Intel x86
2011/06/06 17:18:41.0447 2864 Number of processors: 4
2011/06/06 17:18:41.0447 2864 Page size: 0x1000
2011/06/06 17:18:41.0447 2864 Boot type: Normal boot
2011/06/06 17:18:41.0447 2864 ================================================================================
2011/06/06 17:18:47.0658 2864 Initialize success
2011/06/06 17:18:54.0574 3724 ================================================================================
2011/06/06 17:18:54.0574 3724 Scan started
2011/06/06 17:18:54.0574 3724 Mode: Manual;
2011/06/06 17:18:54.0574 3724 ================================================================================
2011/06/06 17:18:55.0158 3724 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/06/06 17:18:55.0231 3724 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/06/06 17:18:55.0312 3724 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/06/06 17:18:55.0385 3724 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/06 17:18:55.0427 3724 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/06 17:18:55.0452 3724 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/06 17:18:55.0547 3724 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/06/06 17:18:55.0600 3724 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/06/06 17:18:55.0636 3724 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/06 17:18:55.0719 3724 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/06/06 17:18:55.0788 3724 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/06/06 17:18:55.0842 3724 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/06/06 17:18:55.0880 3724 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/06 17:18:56.0093 3724 amdkmdag (fa4806ca5eb4e625723aaf9d4bb219e0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/06 17:18:56.0149 3724 amdkmdap (274abffcf3cfb7daf300a16011d6e893) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/06 17:18:56.0207 3724 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/06 17:18:56.0271 3724 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/06/06 17:18:56.0314 3724 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/06 17:18:56.0343 3724 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/06/06 17:18:56.0413 3724 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/06/06 17:18:56.0499 3724 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/06 17:18:56.0539 3724 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/06 17:18:56.0575 3724 AsyncMac %2
06-06-2011, 17:24
Post: #11
RE: Win32/Olmarik Trojan
Hi,

The log appears to be incomplete, but since you said it has deleted it, I assume it said that no infected files were found.

* Go to start > run and copy and paste next command in the field:

ComboFix /Uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

06-06-2011, 17:32
Post: #12
RE: Win32/Olmarik Trojan
Combofix is uninstalled, nothing is picking up the virus anymore, so it all looks good. Thanks a lot for your help, I really appreciate it.
Just one more thing: what does that virus do?
06-06-2011, 20:00
Post: #13
RE: Win32/Olmarik Trojan
Hi,

You can read a more detailed description of the rootkit family you were dealing with here: http://www.securelist.com/en/analysis/204792131/TDSS

Glad I could help.

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

17-06-2011, 20:02
Post: #14
RE: Win32/Olmarik Trojan
Hi, I have another problem and can't remember how to start a new post.
Every time I start my PC a window pops up that says Windows 7 Restore.
Then it says I have a SATA/IDE problem, and when I scan for errors it says it
can't fix them and I need to buy the software. Is it a virus or what?
18-06-2011, 01:13
Post: #15
RE: Win32/Olmarik Trojan
Hi,

Can you post the exact message please?

18-06-2011, 09:06
Post: #16
RE: Win32/Olmarik Trojan
I get an HDD error that says:

Hard drive failure
The system has detected a problem with one or more installed ide/
Sata hard disks.
It is recommended that you restart system.

And I get a critical error: Windows can't find hard disk space. Hard drive error.

Then this Windows 7 Restore thing says I have 5 errors, and when you try to fix the errors
it says they can't be fixed and I need to buy a license key for Windows 7 Restore.
18-06-2011, 09:13
Post: #17
RE: Win32/Olmarik Trojan
I can't even open task manager.
18-06-2011, 09:50
Post: #18
RE: Win32/Olmarik Trojan
Hmm, I rather believe that these are fake errors caused by malware instead of genuine Windows errors.
Can you redownload Combofix, rescan with it and post the log please?
