All of a sudden a virus pops up.

TryingToProve

New Member
I am playing online, then all of a sudden a virus pops up. I am not sure if my husband or I clicked the wrong link. Here is my Malwarebytes code and hijack list:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6733

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/1/2011 6:13:51 PM
mbam-log-2011-06-01 (18-13-51).txt

Scan type: Quick scan
Objects scanned: 141415
Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\QuentinAshleyAli\Local Settings\Application Data\knm.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\QuentinAshleyAli\Local Settings\Application Data\knm.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\QuentinAshleyAli\Local Settings\Application Data\knm.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\QuentinAshleyAli\Local Settings\Application Data\knm.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\quentinashleyali\local settings\temporary internet files\Content.IE5\5ZBV8B6Z\windows-update-sp4-kb69093-setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\quentinashleyali\local settings\temporary internet files\Content.IE5\GQLF0GZI\windows-update-sp4-kb96275-setup[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\quentinashleyali\local settings\temporary internet files\Content.IE5\N55DFLV0\windows-update-sp4-kb60264-setup[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\quentinashleyali\local settings\temporary internet files\Content.IE5\N55DFLV0\windows-update-sp4-kb67032-setup[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\quentinashleyali\local settings\temp\0.5493111068182225.exe (Trojan.Dropper) -> Delete on reboot.
c:\documents and settings\quentinashleyali\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\quentinashleyali\application data\Adobe\plugs\mmc52.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\quentinashleyali\application data\Adobe\plugs\mmc9.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:16:28 PM, on 6/1/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\AOL\1300136716\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\DOCUME~1\QUENTI~1\LOCALS~1\Temp\0.5493111068182225.exe
C:\Program Files\AOL 9.5\waol.exe
C:\Program Files\AOL 9.5\shellmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - !{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1300136716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)

--
End of file - 4623 bytes


Can you tell me how to fix this and also where did it come from? Thanks!
 
You have a malware infection still running. Please do the following.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Combofix log:

ComboFix 11-06-03.02 - QuentinAshleyAli 06/03/2011 5:06.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.661 [GMT -5:00]
Running from: c:\documents and settings\QuentinAshleyAli\My Documents\ComboFixfix26.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\18276132.exe
c:\documents and settings\All Users\Application Data\kqAIrvwyxLeS.exe
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\QuentinAshleyAli\Application Data\Adobe\plugs
c:\documents and settings\QuentinAshleyAli\Application Data\Adobe\plugs\mmc12.exe
c:\documents and settings\QuentinAshleyAli\Application Data\Adobe\plugs\mmc99.exe
c:\documents and settings\QuentinAshleyAli\Application Data\Adobe\shed
c:\documents and settings\QuentinAshleyAli\Application Data\Adobe\shed\thr1.chm
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 10:14 . 2011-06-03 10:14 41680 ----a-w- c:\windows\system32\drivers\vwvgafre.sys
2011-06-03 09:55 . 2011-06-03 09:55 -------- d-----w- C:\ComboFixfix26
2011-06-03 09:45 . 2011-06-03 09:45 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKslbf4fc3b3.sys
2011-06-03 09:40 . 2011-06-03 09:40 116224 ----a-w- c:\windows\system32\drivers\136430.sys
2011-06-01 23:42 . 2011-06-01 23:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKsl25736a73.sys
2011-06-01 22:48 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\mpengine.dll
2011-05-17 19:20 . 2011-05-17 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2011-05-17 19:20 . 2011-06-01 23:46 -------- d-----w- c:\documents and settings\QuentinAshleyAli\Application Data\NCH Swift Sound
2011-05-16 14:02 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 14:02 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 16:21 . 2011-05-05 21:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-05 16:17 . 2011-05-05 16:18 -------- d-----w- c:\program files\CCleaner
2011-05-05 16:16 . 2011-05-13 15:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-05 16:16 . 2011-05-05 21:21 -------- d-----w- c:\documents and settings\QuentinAshleyAli\Local Settings\Application Data\Temp
2011-05-05 16:16 . 2011-05-05 16:18 -------- d-----w- c:\documents and settings\QuentinAshleyAli\Local Settings\Application Data\Google
2011-05-05 16:14 . 2011-05-05 16:14 388096 ----a-r- c:\documents and settings\QuentinAshleyAli\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2011-02-08 12:11 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
.
Code:
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Driver Fetch\2.1.0.0\DriverFetch .exe
c:\program files\Enigma Software Group\SpyHunter\SpyHunter4 .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Roxio\Drag-to-Disc\DrgToDsc .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot@2011-02-07_22.37.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 08:57 . 2004-08-04 08:57 1712128 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20954_gdiplus.dll
+ 2009-08-19 23:04 . 2009-08-19 23:04 4542296 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\WRD12CNV.DLL
+ 2009-08-17 20:32 . 2009-08-17 20:32 1787728 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\PPCNV.DLL
+ 2011-02-08 12:02 . 2006-02-21 04:01 2180992 c:\windows\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
+ 2011-02-08 12:02 . 2006-02-21 03:36 2015744 c:\windows\$hf_mig$\KB914882\SP2QFE\ntkrpamp.exe
+ 2011-02-08 12:02 . 2006-02-21 03:36 2057984 c:\windows\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
+ 2011-02-08 12:02 . 2006-02-21 03:59 2136576 c:\windows\$hf_mig$\KB914882\SP2QFE\ntkrnlmp.exe
+ 2010-10-14 22:57 . 2010-10-14 22:57 11189248 c:\windows\Installer\c892f86.msp
+ 2010-06-11 23:52 . 2010-06-11 23:52 45542912 c:\windows\Installer\c892efe.msp
+ 2009-07-01 19:19 . 2009-07-01 19:19 10607104 c:\windows\Installer\c892ee5.msp
+ 2011-02-24 14:38 . 2011-02-24 14:38 10984448 c:\windows\Installer\213a8084.msp
+ 2007-05-31 19:37 . 2007-05-31 19:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-06-18 23:16 . 2007-06-18 23:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 19:41 . 2007-05-31 19:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2009-08-17 22:39 . 2009-08-17 22:39 15119720 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\XL12CNV.EXE
+ 2009-08-17 21:40 . 2009-08-17 21:40 17309040 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]
"kqAIrvwyxLeS"="c:\documents and settings\All Users\Application Data\kqAIrvwyxLeS.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"HostManager"="c:\program files\Common Files\AOL\1300136716\ee\AOLSoftware.exe" [2009-07-20 41264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1300136716\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
.
S1 MpKsl25736a73;MpKsl25736a73;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKsl25736a73.sys [6/1/2011 6:42 PM 28752]
S1 MpKsl3671b97e;MpKsl3671b97e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ACC8150-C52F-40C0-B11E-5422323D812C}\MpKsl3671b97e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ACC8150-C52F-40C0-B11E-5422323D812C}\MpKsl3671b97e.sys [?]
S1 MpKsl4a9e1d01;MpKsl4a9e1d01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA6F2495-9A0C-4E11-AD47-C4E84256E3BB}\MpKsl4a9e1d01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA6F2495-9A0C-4E11-AD47-C4E84256E3BB}\MpKsl4a9e1d01.sys [?]
S1 MpKsl4e5f59ff;MpKsl4e5f59ff;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16B70A1F-E9B8-4D67-BDC7-A90E63E179D0}\MpKsl4e5f59ff.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16B70A1F-E9B8-4D67-BDC7-A90E63E179D0}\MpKsl4e5f59ff.sys [?]
S1 MpKsl676b6e26;MpKsl676b6e26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E76A253C-76EB-43A8-A038-458BD269B0E5}\MpKsl676b6e26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E76A253C-76EB-43A8-A038-458BD269B0E5}\MpKsl676b6e26.sys [?]
S1 MpKsl6e7306ee;MpKsl6e7306ee;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9CEFB25-30AC-4DFA-9A90-EBF37D0B28A8}\MpKsl6e7306ee.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9CEFB25-30AC-4DFA-9A90-EBF37D0B28A8}\MpKsl6e7306ee.sys [?]
S1 MpKsl7ed93d1e;MpKsl7ed93d1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9CEFB25-30AC-4DFA-9A90-EBF37D0B28A8}\MpKsl7ed93d1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9CEFB25-30AC-4DFA-9A90-EBF37D0B28A8}\MpKsl7ed93d1e.sys [?]
S1 MpKsl82a78a7b;MpKsl82a78a7b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC40FAB4-008D-4F2D-A368-0428B1C412F8}\MpKsl82a78a7b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC40FAB4-008D-4F2D-A368-0428B1C412F8}\MpKsl82a78a7b.sys [?]
S1 MpKslb8c6a8bc;MpKslb8c6a8bc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{955D3C13-2394-4F7B-A781-9775921CE499}\MpKslb8c6a8bc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{955D3C13-2394-4F7B-A781-9775921CE499}\MpKslb8c6a8bc.sys [?]
S1 MpKslbf4fc3b3;MpKslbf4fc3b3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKslbf4fc3b3.sys [6/3/2011 4:45 AM 28752]
S1 MpKsld035d297;MpKsld035d297;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ACC8150-C52F-40C0-B11E-5422323D812C}\MpKsld035d297.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ACC8150-C52F-40C0-B11E-5422323D812C}\MpKsld035d297.sys [?]
S1 MpKsld94df21a;MpKsld94df21a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54D9EB97-A98F-44BB-ADCA-A23C4B81A4C5}\MpKsld94df21a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54D9EB97-A98F-44BB-ADCA-A23C4B81A4C5}\MpKsld94df21a.sys [?]
S1 MpKslda4f5b63;MpKslda4f5b63;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60D80D41-DAFE-45C6-B01A-266C35C0A10F}\MpKslda4f5b63.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60D80D41-DAFE-45C6-B01A-266C35C0A10F}\MpKslda4f5b63.sys [?]
S1 MpKsle0642e50;MpKsle0642e50;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ACC8150-C52F-40C0-B11E-5422323D812C}\MpKsle0642e50.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ACC8150-C52F-40C0-B11E-5422323D812C}\MpKsle0642e50.sys [?]
S1 MpKslfe1ba7f0;MpKslfe1ba7f0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{310FC98A-34D4-4C98-AE6E-3A2768A1A811}\MpKslfe1ba7f0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{310FC98A-34D4-4C98-AE6E-3A2768A1A811}\MpKslfe1ba7f0.sys [?]
S1 vwvgafre;vwvgafre;c:\windows\system32\drivers\vwvgafre.sys [6/3/2011 5:14 AM 41680]
S1 xvtebljv;xvtebljv;\??\c:\windows\system32\drivers\xvtebljv.sys --> c:\windows\system32\drivers\xvtebljv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2011 11:16 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2011 11:16 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-06-02 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-06-03 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-06-03 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-06-02 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 16:16]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 16:16]
.
2011-06-02 c:\windows\Tasks\hpwebreg_CN0AF22KXT05D2.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\hpwebreg.exe [2010-06-14 22:10]
.
2011-06-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 76.85.229.110 76.85.229.111
FF - ProfilePath - c:\documents and settings\QuentinAshleyAli\Application Data\Mozilla\Firefox\Profiles\bdg8hvb6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CL-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: protocol-handler.warn-external.dnUpdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 05:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600AAJS-22WAA0 rev.58.01D58 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x850DA31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-03 05:17:30
ComboFix-quarantined-files.txt 2011-06-03 10:17
ComboFix2.txt 2011-02-07 22:39
.
Pre-Run: 144,385,298,432 bytes free
Post-Run: 144,581,394,432 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A3C3CB1226D0817B2BEFBE77E7C8D4EE

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:18:53 AM, on 6/3/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - !{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1300136716\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b
O4 - HKCU\..\Run: [kqAIrvwyxLeS] C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)

--
End of file - 3488 bytes
Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6733

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/3/2011 5:20:40 AM
mbam-log-2011-06-03 (05-20-40).txt

Scan type: Quick scan
Objects scanned: 135603
Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\drivers\136430.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
 
I did the Microsoft security virus scan and it cannot remove this:

Security Essentials encountered the following error: Error code 0x80070032. The request is not supported.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
rootkit:AlureonMbr

This is after I did Malwarebytes and ComboFix. I cannot get rid of this one thing. Help please.
 
Please update Malwarebytes, as you aren't running the latest version, and then rescan your system with a quick scan and post the results. Open Malwarebytes, click on the update tab, click on check for updates and then rescan your system and post the log.


You are still severely infected. I will post a combofix script in a little bit for you to run.
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6761

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/3/2011 8:16:28 AM
mbam-log-2011-06-03 (08-16-28).txt

Scan type: Quick scan
Objects scanned: 149895
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
I'm working on your script now but in the meantime please do the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says "will be cured after reboot", please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.
 
That's fine. Here is the script you need to run. Just reply back with the results from TDSSKiller and the script whenever you can.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Killall::

File::
c:\windows\system32\drivers\vwvgafre.sys
c:\windows\system32\drivers\136430.sys
c:\documents and settings\All Users\Application Data\kqAIrvwyxLeS.exe

Folder::
C:\ComboFixfix26

Renv::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Driver Fetch\2.1.0.0\DriverFetch .exe
c:\program files\Enigma Software Group\SpyHunter\SpyHunter4 .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Roxio\Drag-to-Disc\DrgToDsc .exe

Registry::
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kqAIrvwyxLeS"="c:\documents and settings\All Users\Application Data\kqAIrvwyxLeS.exe" [N/A]

Driver::
MpKsl25736a73
MpKsl3671b97e
MpKsl4a9e1d01
MpKsl4e5f59ff
MpKsl676b6e26
MpKsl6e7306ee
MpKsl7ed93d1e
MpKsl82a78a7b
MpKslb8c6a8bc
MpKslbf4fc3b3
MpKsld035d297
MpKsld94df21a
MpKslda4f5b63
MpKsle0642e50
MpKslfe1ba7f0
vwvgafre
xvtebljv

Firefox::
prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
first one:
2011/01/01 21:25:41.0671 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/01 21:25:41.0671 ================================================================================
2011/01/01 21:25:41.0671 SystemInfo:
2011/01/01 21:25:41.0671
2011/01/01 21:25:41.0671 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/01 21:25:41.0671 Product type: Workstation
2011/01/01 21:25:41.0671 ComputerName: ASHLEY-F3EDA773
2011/01/01 21:25:41.0671 UserName: Ashley
2011/01/01 21:25:41.0671 Windows directory: C:\WINDOWS
2011/01/01 21:25:41.0671 System windows directory: C:\WINDOWS
2011/01/01 21:25:41.0671 Processor architecture: Intel x86
2011/01/01 21:25:41.0671 Number of processors: 1
2011/01/01 21:25:41.0671 Page size: 0x1000
2011/01/01 21:25:41.0671 Boot type: Normal boot
2011/01/01 21:25:41.0671 ================================================================================
2011/01/01 21:25:42.0062 Initialize success
2011/01/01 21:25:45.0546 ================================================================================
2011/01/01 21:25:45.0546 Scan started
2011/01/01 21:25:45.0546 Mode: Manual;
2011/01/01 21:25:45.0546 ================================================================================
2011/01/01 21:25:51.0468 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/01 21:25:51.0546 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/01 21:25:51.0578 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/01 21:25:51.0656 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/01 21:25:51.0687 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/01 21:25:51.0718 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/01 21:25:51.0796 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/01 21:25:51.0828 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/01 21:25:51.0890 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/01 21:25:51.0968 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/01 21:25:52.0046 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/01 21:25:52.0078 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/01 21:25:52.0109 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/01 21:25:52.0140 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/01 21:25:52.0218 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/01 21:25:52.0296 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/01 21:25:52.0375 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/01 21:25:52.0421 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/01 21:25:52.0468 NVENETFD (0ae6258709d58fb53638e8d28f4480d4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/01/01 21:25:52.0531 nvnetbus (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/01/01 21:25:52.0593 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/01 21:25:52.0625 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/01 21:25:52.0687 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/01 21:25:52.0718 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/01 21:25:52.0765 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/01 21:25:52.0828 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/01 21:25:52.0890 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/01 21:25:52.0937 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/01 21:25:53.0156 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/01 21:25:53.0234 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/01 21:25:53.0281 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/01 21:25:53.0312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/01 21:25:53.0343 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/01 21:25:53.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/01 21:25:53.0484 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/01 21:25:53.0515 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/01 21:25:53.0531 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/01 21:25:53.0593 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/01 21:25:53.0625 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/01 21:25:53.0687 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/01 21:25:53.0734 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/01 21:25:53.0828 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/01 21:25:53.0859 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/01 21:25:53.0890 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/01 21:25:53.0953 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/01 21:25:54.0031 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/01 21:25:54.0093 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/01 21:25:54.0140 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/01 21:25:54.0171 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/01 21:25:54.0218 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/01 21:25:54.0312 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/01 21:25:54.0375 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/01 21:25:54.0421 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/01 21:25:54.0453 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/01 21:25:54.0500 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/01 21:25:54.0578 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/01 21:25:54.0625 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/01 21:25:54.0671 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/01 21:25:54.0718 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/01 21:25:54.0765 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/01 21:25:54.0812 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/01 21:25:54.0859 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/01 21:25:54.0937 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/01 21:25:55.0000 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/01 21:25:55.0046 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/01 21:25:55.0109 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/01 21:25:55.0156 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/01 21:25:55.0218 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/01/01 21:25:55.0281 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/01 21:25:55.0328 winachsf (cb2dc26de2c815fc2309566f92d22ed4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/01 21:25:55.0453 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/01 21:25:55.0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/01 21:25:55.0671 ================================================================================
2011/01/01 21:25:55.0671 Scan finished
2011/01/01 21:25:55.0671 ================================================================================
2011/01/01 21:26:29.0468 ================================================================================
2011/01/01 21:26:29.0468 Scan started
2011/01/01 21:26:29.0468 Mode: Manual;
2011/01/01 21:26:29.0468 ================================================================================
2011/01/01 21:26:37.0812 ================================================================================
2011/01/01 21:26:37.0812 Scan finished
2011/01/01 21:26:37.0812 ================================================================================
2011/01/01 21:31:32.0062 ================================================================================
2011/01/01 21:31:32.0062 Scan started
2011/01/01 21:31:32.0062 Mode: Manual;
2011/01/01 21:31:32.0062 ================================================================================
2011/01/01 21:31:42.0750 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/01 21:31:42.0859 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/01 21:31:42.0890 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/01 21:31:43.0000 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/01 21:31:43.0125 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/01 21:31:43.0234 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/01 21:31:43.0343 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/01 21:31:43.0468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/01 21:31:43.0562 NVENETFD (0ae6258709d58fb53638e8d28f4480d4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/01/01 21:31:43.0640 nvnetbus (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/01/01 21:31:43.0734 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/01 21:31:43.0843 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/01 21:31:44.0000 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/01 21:31:44.0078 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/01 21:31:44.0156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/01 21:31:44.0203 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/01 21:31:44.0328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/01 21:31:44.0390 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/01 21:31:44.0781 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/01 21:31:44.0859 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/01 21:31:44.0890 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/01 21:31:44.0953 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/01 21:31:45.0015 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/01 21:31:45.0312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/01 21:31:45.0421 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/01 21:31:45.0468 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/01 21:31:45.0500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/01 21:31:45.0546 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/01 21:31:45.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/01 21:31:45.0687 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/01 21:31:45.0750 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/01 21:31:45.0890 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/01 21:31:45.0937 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/01 21:31:45.0968 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/01 21:31:46.0015 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/01 21:31:46.0140 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/01 21:31:46.0234 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/01 21:31:46.0312 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/01 21:31:46.0453 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/01 21:31:46.0531 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/01 21:31:46.0890 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/01 21:31:47.0078 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/01 21:31:47.0218 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/01 21:31:47.0343 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/01 21:31:47.0500 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/01 21:31:48.0000 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/01 21:31:48.0375 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/01 21:31:48.0593 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/01 21:31:48.0718 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/01 21:31:48.0921 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/01 21:31:49.0203 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/01 21:31:49.0437 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/01 21:31:49.0687 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/01 21:31:49.0921 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/01 21:31:50.0156 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/01 21:31:50.0468 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/01 21:31:50.0796 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/01 21:31:51.0078 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/01/01 21:31:51.0515 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/01 21:31:52.0046 winachsf (cb2dc26de2c815fc2309566f92d22ed4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/01 21:31:52.0390 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/01 21:31:52.0453 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/01 21:31:55.0250 ================================================================================
2011/01/01 21:31:55.0250 Scan finished
2011/01/01 21:31:55.0250 ================================================================================
2011/01/01 21:34:38.0781 Deinitialize success
 
second one:

2011/06/03 11:37:58.0706 3596 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 11:37:59.0034 3596 ================================================================================
2011/06/03 11:37:59.0034 3596 SystemInfo:
2011/06/03 11:37:59.0034 3596
2011/06/03 11:37:59.0034 3596 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/03 11:37:59.0034 3596 Product type: Workstation
2011/06/03 11:37:59.0034 3596 ComputerName: ASHLEY-F3EDA773
2011/06/03 11:37:59.0034 3596 UserName: QuentinAshleyAli
2011/06/03 11:37:59.0034 3596 Windows directory: C:\WINDOWS
2011/06/03 11:37:59.0034 3596 System windows directory: C:\WINDOWS
2011/06/03 11:37:59.0050 3596 Processor architecture: Intel x86
2011/06/03 11:37:59.0050 3596 Number of processors: 1
2011/06/03 11:37:59.0050 3596 Page size: 0x1000
2011/06/03 11:37:59.0050 3596 Boot type: Normal boot
2011/06/03 11:37:59.0050 3596 ================================================================================
2011/06/03 11:38:02.0347 3596 Initialize success
2011/06/03 11:38:30.0347 1164 ================================================================================
2011/06/03 11:38:30.0347 1164 Scan started
2011/06/03 11:38:30.0347 1164 Mode: Manual;
2011/06/03 11:38:30.0347 1164 ================================================================================
2011/06/03 11:38:39.0769 1164 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/03 11:38:39.0784 1164 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/03 11:38:39.0784 1164 ================================================================================
2011/06/03 11:38:39.0784 1164 Scan finished
2011/06/03 11:38:39.0784 1164 ================================================================================
2011/06/03 11:38:39.0816 3628 Detected object count: 1
2011/06/03 11:38:39.0816 3628 Actual detected object count: 1
2011/06/03 11:38:55.0253 3628 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/03 11:38:55.0253 3628 \Device\Harddisk0\DR0 - ok
2011/06/03 11:38:55.0253 3628 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/03 11:39:23.0691 3568 Deinitialize success
 
ComboFix 11-06-03.02 - QuentinAshleyAli 06/03/2011 11:53:35.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.582 [GMT -5:00]
Running from: c:\documents and settings\QuentinAshleyAli\My Documents\ComboFixfix26.exe
Command switches used :: c:\documents and settings\QuentinAshleyAli\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users\Application Data\kqAIrvwyxLeS.exe"
"c:\windows\system32\drivers\136430.sys"
"c:\windows\system32\drivers\vwvgafre.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL25736A73
-------\Legacy_MPKSL3671B97E
-------\Legacy_MPKSL4A9E1D01
-------\Legacy_MPKSL4E5F59FF
-------\Legacy_MPKSL676B6E26
-------\Legacy_MPKSL6E7306EE
-------\Legacy_MPKSL7ED93D1E
-------\Legacy_MPKSL82A78A7B
-------\Legacy_MPKSLB8C6A8BC
-------\Legacy_MPKSLD035D297
-------\Legacy_MPKSLD94DF21A
-------\Legacy_MPKSLDA4F5B63
-------\Legacy_MPKSLE0642E50
-------\Legacy_MPKSLFE1BA7F0
-------\Service_MpKsl3671b97e
-------\Service_MpKsl4a9e1d01
-------\Service_MpKsl4e5f59ff
-------\Service_MpKsl676b6e26
-------\Service_MpKsl6e7306ee
-------\Service_MpKsl7ed93d1e
-------\Service_MpKsl82a78a7b
-------\Service_MpKslb8c6a8bc
-------\Service_MpKslbf4fc3b3
-------\Service_MpKsld035d297
-------\Service_MpKsld94df21a
-------\Service_MpKslda4f5b63
-------\Service_MpKsle0642e50
-------\Service_MpKslfe1ba7f0
-------\Service_xvtebljv
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 17:02 . 2011-06-03 17:02 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKslb819d8ee.sys
2011-06-03 16:40 . 2011-06-03 16:40 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKsl62027b3a.sys
2011-06-03 09:45 . 2011-06-03 09:45 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKslbf4fc3b3.sys
2011-06-01 22:48 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\mpengine.dll
2011-05-17 19:20 . 2011-05-17 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2011-05-17 19:20 . 2011-06-01 23:46 -------- d-----w- c:\documents and settings\QuentinAshleyAli\Application Data\NCH Swift Sound
2011-05-16 14:02 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-16 14:02 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 16:21 . 2011-05-05 21:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-05 16:17 . 2011-05-05 16:18 -------- d-----w- c:\program files\CCleaner
2011-05-05 16:16 . 2011-05-13 15:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-05 16:16 . 2011-05-05 21:21 -------- d-----w- c:\documents and settings\QuentinAshleyAli\Local Settings\Application Data\Temp
2011-05-05 16:16 . 2011-05-05 16:18 -------- d-----w- c:\documents and settings\QuentinAshleyAli\Local Settings\Application Data\Google
2011-05-05 16:14 . 2011-05-05 16:14 388096 ----a-r- c:\documents and settings\QuentinAshleyAli\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2011-02-08 12:11 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-03_10.15.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-03 17:02 . 2011-06-03 17:02 16384 c:\windows\temp\Perflib_Perfdata_630.dat
+ 2009-12-05 01:45 . 2011-04-29 16:29 42829768 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"HostManager"="c:\program files\Common Files\AOL\1300136716\ee\AOLSoftware.exe" [2009-07-20 41264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1300136716\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
.
R1 MpKsl62027b3a;MpKsl62027b3a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKsl62027b3a.sys [6/3/2011 11:40 AM 28752]
R1 MpKslb819d8ee;MpKslb819d8ee;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKslb819d8ee.sys [6/3/2011 12:02 PM 28752]
S1 MpKslf2687b69;MpKslf2687b69;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKslf2687b69.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B274C892-B322-42AF-BC78-4B4A78AC5295}\MpKslf2687b69.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2011 11:16 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2011 11:16 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB819D8EE
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-06-03 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-06-03 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-06-03 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-06-02 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 16:16]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 16:16]
.
2011-06-03 c:\windows\Tasks\hpwebreg_CN0AF22KXT05D2.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\hpwebreg.exe [2010-06-14 22:10]
.
2011-06-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 76.85.229.110 76.85.229.111
FF - ProfilePath - c:\documents and settings\QuentinAshleyAli\Application Data\Mozilla\Firefox\Profiles\bdg8hvb6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CL-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: protocol-handler.warn-external.dnUpdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-kqAIrvwyxLeS - c:\documents and settings\All Users\Application Data\kqAIrvwyxLeS.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 12:03
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\RTHDCPL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AOL 9.5\waol.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL 9.5\shellmon.exe
.
**************************************************************************
.
Completion time: 2011-06-03 12:05:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-03 17:05
ComboFix2.txt 2011-06-03 10:17
ComboFix3.txt 2011-02-07 22:39
.
Pre-Run: 144,251,834,368 bytes free
Post-Run: 144,534,966,272 bytes free
.
- - End Of File - - 816ED44E24D48C40A63F691927C25A77
 
I ran my Microsoft windows one more time and 3 viruses popped up so I removed them fast. So it has been running fine. Thanks so much for that script you had me run. It was awesome. You are so nice :)
 