
I have run the following:

Spybot - Search & Destroy

Malwarebytes

Super Anti-Spyware

Avast!

MS Malicious Software tool

I also ran ComboFix and TDSSKiller

TDSSKiller found something on the MBR.

2010/10/20 23:32:48.0125 Detected object count: 1

2010/10/20 23:33:43.0171 \HardDisk0\MBR - will be cured after reboot

2010/10/20 23:33:43.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/20 23:33:46.0750 Deinitialize success

I'm not sure if I got everything ...

I added the winhelp2002 hosts file too.

I'm stumped. I know I cleaned a bunch of crap out of this machine, but something is lingering: I still cannot apply any updates to Windows XP. If I find the install disks I'm gonna start from scratch ...

ComboFix 10-10-20.01 - 007 10/20/2010 23:46:51.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.187 [GMT -4:00]

Running from: c:\documents and settings\007\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\007\Application Data\PriceGong

c:\documents and settings\007\Application Data\PriceGong\Data\1.xml

c:\documents and settings\007\Application Data\PriceGong\Data\a.xml

c:\documents and settings\007\Application Data\PriceGong\Data\b.xml

c:\documents and settings\007\Application Data\PriceGong\Data\c.xml

c:\documents and settings\007\Application Data\PriceGong\Data\d.xml

c:\documents and settings\007\Application Data\PriceGong\Data\e.xml

c:\documents and settings\007\Application Data\PriceGong\Data\f.xml

c:\documents and settings\007\Application Data\PriceGong\Data\g.xml

c:\documents and settings\007\Application Data\PriceGong\Data\h.xml

c:\documents and settings\007\Application Data\PriceGong\Data\i.xml

c:\documents and settings\007\Application Data\PriceGong\Data\J.xml

c:\documents and settings\007\Application Data\PriceGong\Data\k.xml

c:\documents and settings\007\Application Data\PriceGong\Data\l.xml

c:\documents and settings\007\Application Data\PriceGong\Data\m.xml

c:\documents and settings\007\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\007\Application Data\PriceGong\Data\n.xml

c:\documents and settings\007\Application Data\PriceGong\Data\o.xml

c:\documents and settings\007\Application Data\PriceGong\Data\p.xml

c:\documents and settings\007\Application Data\PriceGong\Data\q.xml

c:\documents and settings\007\Application Data\PriceGong\Data\r.xml

c:\documents and settings\007\Application Data\PriceGong\Data\s.xml

c:\documents and settings\007\Application Data\PriceGong\Data\t.xml

c:\documents and settings\007\Application Data\PriceGong\Data\u.xml

c:\documents and settings\007\Application Data\PriceGong\Data\v.xml

c:\documents and settings\007\Application Data\PriceGong\Data\w.xml

c:\documents and settings\007\Application Data\PriceGong\Data\x.xml

c:\documents and settings\007\Application Data\PriceGong\Data\y.xml

c:\documents and settings\007\Application Data\PriceGong\Data\z.xml

c:\documents and settings\All Users\Application Data\14f4f99

c:\documents and settings\All Users\Application Data\14f4f99\67.mof

c:\documents and settings\All Users\Application Data\14f4f99\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk

c:\documents and settings\All Users\Application Data\14f4f99\SAV.ico

c:\windows\system32\service

c:\windows\system32\service\02102010_TIS17_SfFniAU.log

c:\windows\system32\service\04042010_TIS17_SfFniAU.log

c:\windows\system32\service\17102010_TIS17_SfFniAU.log

c:\windows\system32\service\19032010_TIS17_SfFniAU.log

c:\windows\system32\service\20092010_TIS17_SfFniAU.log

c:\windows\system32\service\22092010_TIS17_SfFniAU.log

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))

.

2010-10-21 03:00 . 2001-08-17 15:52 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys

2010-10-21 02:31 . 2010-04-10 21:05 9728 ----a-w- c:\windows\system32\drivers\TheStubwareDriver.SYS

2010-10-21 02:31 . 2010-04-10 21:01 44032 ----a-w- c:\windows\system32\drivers\ActiveMonitor.SYS

2010-10-21 02:31 . 2010-10-21 03:19 -------- d-----w- c:\program files\TheStubware

2010-10-21 02:24 . 2010-10-21 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-10-21 02:24 . 2010-10-21 02:24 -------- d-----w- c:\documents and settings\007\Application Data\Yahoo!

2010-10-21 02:24 . 2010-10-21 02:24 -------- d-----w- c:\program files\Yahoo!

2010-10-21 02:23 . 2010-10-21 02:24 -------- d-----w- c:\program files\CCleaner

2010-10-20 22:03 . 2010-10-18 13:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{114BC6D1-6723-4E25-86D6-D116709ACBE3}\mpengine.dll

2010-10-20 21:58 . 2010-10-20 21:59 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-10-20 21:55 . 2010-10-20 21:55 -------- d-----w- c:\program files\Windows Defender

2010-10-20 21:41 . 2010-10-20 21:41 -------- d-----w- c:\documents and settings\007\Local Settings\Application Data\Mozilla

2010-10-20 19:38 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-10-20 19:38 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-10-20 19:38 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-10-20 19:38 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-10-20 19:38 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-10-20 19:38 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-10-20 19:38 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-10-20 19:37 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-10-20 19:37 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-10-20 19:36 . 2010-10-20 19:36 -------- d-----w- c:\program files\Alwil Software

2010-10-20 19:36 . 2010-10-20 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-10-20 18:35 . 2010-10-20 18:35 -------- d-----w- c:\documents and settings\007\Application Data\MSNInstaller

2010-10-20 18:14 . 2010-10-20 18:16 -------- d-----w- c:\documents and settings\007\Local Settings\Application Data\Trend Micro

2010-10-20 12:35 . 2010-10-20 12:47 -------- d-----w- c:\program files\Windows Live Safety Center

2010-10-20 05:07 . 2010-10-20 05:07 -------- d-----w- c:\documents and settings\007\Application Data\SUPERAntiSpyware.com

2010-10-20 05:07 . 2010-10-20 05:07 -------- d-----w- c:\documents and settings\007\Application Data\Malwarebytes

2010-10-19 21:56 . 2010-10-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-10-19 21:56 . 2010-10-19 21:56 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-19 21:55 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-19 21:55 . 2010-10-19 21:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-19 21:55 . 2010-10-19 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-19 21:55 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-19 19:53 . 2010-10-21 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-10-19 19:53 . 2010-10-19 20:45 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-10-19 19:48 . 2010-10-19 19:49 -------- d-----w- c:\documents and settings\Administrator

2010-10-19 19:48 . 2008-04-14 07:41 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-10-19 19:48 . 2008-04-14 02:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-10-19 19:48 . 2001-08-17 15:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-10-19 19:46 . 2008-04-14 02:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-10-18 19:58 . 2010-10-18 19:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-10-13 19:11 . 2010-10-13 19:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-10-12 22:13 . 2010-10-12 22:13 65536 ----a-w- c:\windows\system32\cb.exe

2010-10-01 21:18 . 2010-10-01 21:18 -------- d-----w- c:\documents and settings\007\Application Data\845C7C5D5AE75FEE5C40C447C2ECCDF3

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

c:\documents and settings\007\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2009-8-23 947]

OneNote Table Of Contents.onetoc2 [2010-5-6 3656]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AlcxMonitor"=ALCXMNTR.EXE

"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

"HotKeysCmds"=c:\windows\system32\hkcmd.exe

"IgfxTray"=c:\windows\system32\igfxtray.exe

"KBD"=c:\hp\KBD\KBD.EXE

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

"Nikon Transfer Monitor"=c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe"

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 TheStubwareDriver;TheStubware Driver;c:\windows\system32\drivers\TheStubwareDriver.SYS [10/20/2010 10:31 PM 9728]

R1 ActiveMonitor;ActiveMonitor Driver;c:\windows\system32\drivers\ActiveMonitor.SYS [10/20/2010 10:31 PM 44032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/20/2010 3:38 PM 165584]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/20/2010 3:38 PM 17744]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

.

Contents of the 'Scheduled Tasks' folder

2010-10-21 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-10-21 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-10-19 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\007\Application Data\Mozilla\Firefox\Profiles\dlg6yw8z.default\

FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Notify-WgaLogon - (no file)

SafeBoot-bdqjyll

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2010-10-20 23:59:44

ComboFix-quarantined-files.txt 2010-10-21 03:59

Pre-Run: 68,400,881,664 bytes free

Post-Run: 68,628,713,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7FFC5239415FD818942E5E986182724A

2010/10/20 23:30:44.0281 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/20 23:30:44.0281 ================================================================================

2010/10/20 23:30:44.0296 SystemInfo:

2010/10/20 23:30:44.0296

2010/10/20 23:30:44.0296 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/20 23:30:44.0296 Product type: Workstation

2010/10/20 23:30:44.0296 ComputerName: CHANGEME

2010/10/20 23:30:44.0296 UserName: 007

2010/10/20 23:30:44.0296 Windows directory: C:\WINDOWS

2010/10/20 23:30:44.0296 System windows directory: C:\WINDOWS

2010/10/20 23:30:44.0296 Processor architecture: Intel x86

2010/10/20 23:30:44.0296 Number of processors: 2

2010/10/20 23:30:44.0296 Page size: 0x1000

2010/10/20 23:30:44.0296 Boot type: Normal boot

2010/10/20 23:30:44.0296 ================================================================================

2010/10/20 23:30:47.0031 Initialize success

2010/10/20 23:30:50.0984 ================================================================================

2010/10/20 23:30:50.0984 Scan started

2010/10/20 23:30:50.0984 Mode: Manual;

2010/10/20 23:30:50.0984 ================================================================================


2010/10/20 23:32:44.0343 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/20 23:32:44.0656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/20 23:32:45.0031 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/20 23:32:45.0359 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/20 23:32:45.0750 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/20 23:32:46.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/20 23:32:46.0234 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/20 23:32:46.0468 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\drivers\ViaIde.sys

2010/10/20 23:32:46.0671 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/20 23:32:47.0031 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/20 23:32:47.0562 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/20 23:32:47.0984 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/20 23:32:48.0093 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/20 23:32:48.0093 ================================================================================

2010/10/20 23:32:48.0093 Scan finished

2010/10/20 23:32:48.0093 ================================================================================

2010/10/20 23:32:48.0125 Detected object count: 1

2010/10/20 23:33:43.0171 \HardDisk0\MBR - will be cured after reboot

2010/10/20 23:33:43.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/20 23:33:46.0750 Deinitialize success

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4886

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/21/2010 9:45:38 AM

mbam-log-2010-10-21 (09-45-38).txt

Scan type: Full scan (C:\|)

Objects scanned: 175739

Time elapsed: 1 hour(s), 29 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

combofix_log.txt

TDSSKiller.2.4.4.0_20.10.2010_23.30.44_log.txt

mbam_log_2010_10_21__09_45_38_.txt


:)

Looks like you're running 2 anti-virus programs.

AV: avast! Antivirus

AV: Microsoft Security Essentials

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

  • avast! Antivirus

  • Microsoft Security Essentials

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Currently it seems to be behaving normally except for the fact I cannot apply any of the 20+ Windows updates.

The spurious connects to "Mal URL" have stopped and the search hijacking is no longer occurring.

I ran ATF and rebooted.

Windows Defender just popped up for the first time in the taskbar.


FWIW .....

Review Your Installation Results

The software upgrade is complete

You can now use the website to find and install the latest updates for your computer.

Continue

More high-priority updates are available

Your computer might be at risk until you install them. Check for the remaining updates and install them now.

Restart now to finish installing updates

Your computer will not be up to date until you restart it. Please save any open files, photos or documents and restart now.

Installation Summary

Successful: 0

Failed: 22

Remaining: 0

--------------------------------------------------------------------------------

Successful Updates

--------------------------------------------------------------------------------

Failed Updates

For help installing an update successfully, see the solution under each problem description.

Problem: End User License Agreement (EULA) Not Accepted

Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.

Problem: Not Enough Disk Space

Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you don


First thing is to uninstall combofix and all the bad guys it found.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Issues with getting Windows Updates.

This is a free service and toll-free call.

1-866-PCSAFETY

or

1-866-727-2338

It is available 24 hours a day for the U.S. and Canada.

For support outside the United States and Canada, please contact your Microsoft Help and Support worldwide. Go to this page and choose your region from the box in the upper right corner: http://support.microsoft.com/?pr=SecurityHome


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
