Zabala

Members
  • Content count

    15
  • Joined

  • Last visited

About Zabala

  • Rank
    New Member

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    Philippines
  • Interests
    Reading, internet, PS3.
  1. Ooh, sorry. It wasn't done when I copied. Here is the whole log: MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: Dell Inc. BIOS Manufacturer: Dell Inc. System Manufacturer: Dell Inc. System Product Name: Inspiron 1520 Logical Drives Mask: 0x0000001c \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS) Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! Press ENTER to exit...
  2. MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: Dell Inc. BIOS Manufacturer: Dell Inc. System Manufacturer: Dell Inc. System Product Name: Inspiron 1520 Logical Drives Mask: 0x0000001c
  3. No dice LT...combofix still won't run even if renamed. Is it because I'm running Windows 7?
  4. SystemLook 04.09.10 by jpshortstuff Log created at 23:19 on 20/12/2010 by Jay Administrator - Elevation successful ========== filefind ========== Searching for "netbt.sys" C:\Windows\System32\drivers\netbt.sys ------- 187904 bytes [23:12 13/07/2009] [23:12 13/07/2009] BC1ACB2FEDA26704285D15342270D264 -= EOF =-
  5. Hmm, scanned and it still found these: C:\Windows\System32\drivers\netbt.sys a variant of Win32/Rootkit.Agent.NSF trojan unable to clean C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys a variant of Win32/Rootkit.Agent.NSF trojan cleaned by deleting - quarantined Still can't run Combofix, it installs but quits suddenly.
  6. Tried running combofix after the scan but it hanged or my system hanged at the combofix install bar. Re-scanning again right now and will try to run combofix immediately.
  7. Contents of logfile: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XA7PPJLK\script_card[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XA7PPJLK\uninstall[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined C:\Windows\System32\drivers\netbt.sys a variant of Win32/Rootkit.Agent.NSF trojan unable to clean C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys a variant of Win32/Rootkit.Agent.NSF trojan cleaned by deleting - quarantined C:\Windows\winsxs\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll probably a variant of Win32/Kryptik.YQ trojan cleaned by deleting (after the next restart) - quarantined
  8. Yes, it's installed. I can update it but when I try scan it closes the MBAM window and then I can't access the .exe anymore. What I did is reinstall MBAM again then update it again, the try to scan. It then quits again and I can't access the file.
  9. Rebooted and ran TDSSKiller and then ComboFix. Combofix installs but won't run anything and here is the TDSSKiller log. the forged NetBT is back.. 2010/12/19 09:26:01.0266 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/19 09:26:01.0266 ================================================================================ 2010/12/19 09:26:01.0266 SystemInfo: 2010/12/19 09:26:01.0266 2010/12/19 09:26:01.0266 OS Version: 6.1.7600 ServicePack: 0.0 2010/12/19 09:26:01.0266 Product type: Workstation 2010/12/19 09:26:01.0266 ComputerName: ZERO 2010/12/19 09:26:01.0282 UserName: Jay 2010/12/19 09:26:01.0282 Windows directory: C:\Windows 2010/12/19 09:26:01.0282 System windows directory: C:\Windows 2010/12/19 09:26:01.0282 Processor architecture: Intel x86 2010/12/19 09:26:01.0282 Number of processors: 2 2010/12/19 09:26:01.0282 Page size: 0x1000 2010/12/19 09:26:01.0282 Boot type: Normal boot 2010/12/19 09:26:01.0282 ================================================================================ 2010/12/19 09:26:01.0812 Initialize success 2010/12/19 09:26:02.0702 ================================================================================ 2010/12/19 09:26:02.0702 Scan started 2010/12/19 09:26:02.0702 Mode: Manual; 2010/12/19 09:26:02.0702 ================================================================================ 2010/12/19 09:26:05.0151 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2010/12/19 09:26:05.0229 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2010/12/19 09:26:05.0759 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2010/12/19 09:26:06.0243 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2010/12/19 09:26:06.0352 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2010/12/19 09:26:06.0648 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2010/12/19 09:26:06.0882 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2010/12/19 09:26:07.0148 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2010/12/19 09:26:07.0319 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2010/12/19 09:26:07.0756 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2010/12/19 09:26:08.0255 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2010/12/19 09:26:08.0567 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2010/12/19 09:26:08.0786 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2010/12/19 09:26:09.0004 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2010/12/19 09:26:09.0254 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2010/12/19 09:26:09.0659 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2010/12/19 09:26:10.0002 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2010/12/19 09:26:10.0517 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2010/12/19 09:26:11.0048 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2010/12/19 09:26:11.0282 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2010/12/19 09:26:11.0531 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/12/19 09:26:11.0750 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2010/12/19 09:26:12.0015 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/12/19 09:26:12.0608 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2010/12/19 09:26:13.0060 avipbb (7cefb5eca1f711d0ab996c98b38a2d5a) C:\Windows\system32\DRIVERS\avipbb.sys 2010/12/19 09:26:14.0012 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2010/12/19 09:26:14.0355 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2010/12/19 09:26:14.0636 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys 2010/12/19 09:26:14.0948 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 2010/12/19 09:26:15.0119 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2010/12/19 09:26:15.0213 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2010/12/19 09:26:15.0634 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 2010/12/19 09:26:15.0697 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2010/12/19 09:26:16.0149 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2010/12/19 09:26:16.0679 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2010/12/19 09:26:17.0023 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2010/12/19 09:26:17.0506 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2010/12/19 09:26:17.0865 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2010/12/19 09:26:18.0427 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys 2010/12/19 09:26:18.0988 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2010/12/19 09:26:19.0706 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 2010/12/19 09:26:20.0377 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys 2010/12/19 09:26:20.0891 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys 2010/12/19 09:26:21.0406 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys 2010/12/19 09:26:21.0578 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2010/12/19 09:26:22.0139 cdrom (656d1ec977e3c5316a62dbbe52cb9663) C:\Windows\system32\DRIVERS\cdrom.sys 2010/12/19 09:26:22.0576 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2010/12/19 09:26:22.0732 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2010/12/19 09:26:23.0091 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2010/12/19 09:26:23.0606 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2010/12/19 09:26:23.0996 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2010/12/19 09:26:24.0183 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2010/12/19 09:26:24.0760 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2010/12/19 09:26:25.0150 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2010/12/19 09:26:25.0353 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2010/12/19 09:26:25.0743 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2010/12/19 09:26:25.0993 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2010/12/19 09:26:26.0195 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2010/12/19 09:26:26.0492 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2010/12/19 09:26:26.0819 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys 2010/12/19 09:26:27.0553 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2010/12/19 09:26:28.0223 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2010/12/19 09:26:28.0645 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2010/12/19 09:26:28.0894 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2010/12/19 09:26:29.0003 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2010/12/19 09:26:29.0284 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2010/12/19 09:26:29.0471 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2010/12/19 09:26:29.0549 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2010/12/19 09:26:29.0815 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/12/19 09:26:30.0049 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2010/12/19 09:26:30.0267 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2010/12/19 09:26:30.0454 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2010/12/19 09:26:30.0501 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2010/12/19 09:26:30.0579 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2010/12/19 09:26:30.0797 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2010/12/19 09:26:31.0031 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2010/12/19 09:26:31.0343 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2010/12/19 09:26:31.0780 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/12/19 09:26:31.0983 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2010/12/19 09:26:32.0155 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2010/12/19 09:26:32.0654 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2010/12/19 09:26:32.0810 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2010/12/19 09:26:33.0059 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\Windows\system32\drivers\hitmanpro35.sys 2010/12/19 09:26:33.0293 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2010/12/19 09:26:33.0496 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2010/12/19 09:26:33.0730 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2010/12/19 09:26:33.0980 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2010/12/19 09:26:34.0089 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2010/12/19 09:26:34.0214 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/12/19 09:26:34.0307 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2010/12/19 09:26:34.0510 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2010/12/19 09:26:34.0713 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2010/12/19 09:26:34.0791 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2010/12/19 09:26:34.0963 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/12/19 09:26:35.0228 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2010/12/19 09:26:35.0509 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2010/12/19 09:26:35.0930 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2010/12/19 09:26:36.0335 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2010/12/19 09:26:36.0959 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/12/19 09:26:37.0427 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/12/19 09:26:37.0817 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/12/19 09:26:38.0161 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2010/12/19 09:26:38.0644 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2010/12/19 09:26:38.0909 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/12/19 09:26:39.0065 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2010/12/19 09:26:39.0221 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2010/12/19 09:26:39.0409 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2010/12/19 09:26:39.0627 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2010/12/19 09:26:39.0845 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2010/12/19 09:26:40.0017 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2010/12/19 09:26:40.0235 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2010/12/19 09:26:40.0423 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2010/12/19 09:26:40.0532 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2010/12/19 09:26:40.0594 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2010/12/19 09:26:40.0922 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2010/12/19 09:26:41.0062 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2010/12/19 09:26:41.0125 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2010/12/19 09:26:41.0405 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2010/12/19 09:26:41.0452 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2010/12/19 09:26:41.0639 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2010/12/19 09:26:41.0764 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/12/19 09:26:41.0889 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/12/19 09:26:41.0936 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/12/19 09:26:42.0154 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2010/12/19 09:26:42.0217 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2010/12/19 09:26:42.0388 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2010/12/19 09:26:42.0435 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2010/12/19 09:26:42.0653 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2010/12/19 09:26:42.0809 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2010/12/19 09:26:42.0872 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/12/19 09:26:43.0153 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2010/12/19 09:26:43.0231 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2010/12/19 09:26:43.0293 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/12/19 09:26:43.0433 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2010/12/19 09:26:43.0823 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2010/12/19 09:26:43.0917 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2010/12/19 09:26:44.0073 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2010/12/19 09:26:44.0229 NDIS (779e9149d3662ed6beb58a67e3c775f4) C:\Windows\system32\drivers\ndis.sys 2010/12/19 09:26:44.0401 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2010/12/19 09:26:44.0479 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/12/19 09:26:44.0603 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/12/19 09:26:44.0744 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/12/19 09:26:44.0915 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2010/12/19 09:26:44.0978 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2010/12/19 09:26:45.0212 NetBT (bc1acb2feda26704285d15342270d264) C:\Windows\system32\DRIVERS\netbt.sys 2010/12/19 09:26:45.0212 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: bc1acb2feda26704285d15342270d264, Fake md5: dd52a733bf4ca5af84562a5e2f963b91 2010/12/19 09:26:45.0227 NetBT - detected Forged file (1) 2010/12/19 09:26:45.0493 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2010/12/19 09:26:45.0649 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys 2010/12/19 09:26:45.0883 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys 2010/12/19 09:26:46.0117 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\Windows\system32\drivers\nmwcdnsu.sys 2010/12/19 09:26:46.0257 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\Windows\system32\drivers\nmwcdnsuc.sys 2010/12/19 09:26:46.0507 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2010/12/19 09:26:46.0928 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2010/12/19 09:26:47.0037 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2010/12/19 09:26:47.0193 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2010/12/19 09:26:47.0677 nvlddmkm (01544d3e8b6c8c490f57317ad5e4e9ff) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/12/19 09:26:48.0067 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2010/12/19 09:26:48.0160 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2010/12/19 09:26:48.0254 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2010/12/19 09:26:48.0566 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys 2010/12/19 09:26:48.0628 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys 2010/12/19 09:26:48.0753 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/12/19 09:26:49.0112 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2010/12/19 09:26:49.0174 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2010/12/19 09:26:49.0221 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2010/12/19 09:26:49.0424 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2010/12/19 09:26:49.0673 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2010/12/19 09:26:49.0736 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2010/12/19 09:26:49.0798 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/12/19 09:26:49.0892 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2010/12/19 09:26:49.0954 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2010/12/19 09:26:50.0297 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2010/12/19 09:26:50.0360 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2010/12/19 09:26:50.0485 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2010/12/19 09:26:50.0594 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2010/12/19 09:26:50.0687 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2010/12/19 09:26:50.0921 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2010/12/19 09:26:50.0984 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2010/12/19 09:26:51.0155 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2010/12/19 09:26:51.0218 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/12/19 09:26:51.0452 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/12/19 09:26:51.0499 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2010/12/19 09:26:51.0608 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2010/12/19 09:26:51.0655 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2010/12/19 09:26:51.0717 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/12/19 09:26:51.0951 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2010/12/19 09:26:52.0045 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2010/12/19 09:26:52.0138 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2010/12/19 09:26:52.0232 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2010/12/19 09:26:52.0310 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2010/12/19 09:26:52.0575 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2010/12/19 09:26:52.0700 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2010/12/19 09:26:52.0903 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2010/12/19 09:26:53.0074 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2010/12/19 09:26:53.0277 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2010/12/19 09:26:53.0433 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2010/12/19 09:26:53.0651 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys 2010/12/19 09:26:53.0932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/12/19 09:26:54.0151 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2010/12/19 09:26:54.0260 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2010/12/19 09:26:54.0338 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2010/12/19 09:26:54.0587 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2010/12/19 09:26:54.0681 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2010/12/19 09:26:54.0775 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 2010/12/19 09:26:55.0009 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2010/12/19 09:26:55.0227 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2010/12/19 09:26:55.0367 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2010/12/19 09:26:55.0523 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2010/12/19 09:26:55.0757 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2010/12/19 09:26:56.0225 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2010/12/19 09:26:56.0459 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2010/12/19 09:26:56.0506 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2010/12/19 09:26:56.0693 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2010/12/19 09:26:56.0849 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2010/12/19 09:26:57.0021 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2010/12/19 09:26:57.0146 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2010/12/19 09:26:57.0380 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2010/12/19 09:26:57.0536 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys 2010/12/19 09:26:57.0676 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2010/12/19 09:26:58.0035 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys 2010/12/19 09:26:58.0160 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2010/12/19 09:26:58.0238 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2010/12/19 09:26:58.0597 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2010/12/19 09:26:59.0096 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys 2010/12/19 09:26:59.0954 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2010/12/19 09:27:01.0030 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2010/12/19 09:27:01.0529 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2010/12/19 09:27:01.0607 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2010/12/19 09:27:01.0670 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2010/12/19 09:27:01.0717 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2010/12/19 09:27:01.0763 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2010/12/19 09:27:02.0091 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/12/19 09:27:02.0169 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2010/12/19 09:27:02.0231 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2010/12/19 09:27:02.0341 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2010/12/19 09:27:02.0653 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2010/12/19 09:27:02.0731 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys 2010/12/19 09:27:02.0777 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2010/12/19 09:27:02.0933 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 2010/12/19 09:27:03.0277 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2010/12/19 09:27:03.0651 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/12/19 09:27:03.0823 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2010/12/19 09:27:03.0994 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2010/12/19 09:27:04.0072 usbhub (0db84eda895894ba222e27acf597c806) C:\Windows\system32\DRIVERS\usbhub.sys 2010/12/19 09:27:04.0166 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2010/12/19 09:27:04.0322 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2010/12/19 09:27:04.0525 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys 2010/12/19 09:27:04.0618 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 2010/12/19 09:27:04.0743 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/12/19 09:27:04.0852 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/12/19 09:27:05.0133 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys 2010/12/19 09:27:05.0164 Suspicious service (NoAccess): vbmaf29c 2010/12/19 09:27:05.0305 vbmaf29c (d88e4ab2589207e77d7e1113476b515f) C:\Windows\system32\drivers\vbmaf29c.sys 2010/12/19 09:27:05.0305 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: d88e4ab2589207e77d7e1113476b515f 2010/12/19 09:27:05.0320 vbmaf29c - detected Locked service (1) 2010/12/19 09:27:05.0476 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2010/12/19 09:27:05.0632 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/12/19 09:27:05.0741 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2010/12/19 09:27:05.0804 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2010/12/19 09:27:05.0897 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2010/12/19 09:27:06.0053 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2010/12/19 09:27:06.0163 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2010/12/19 09:27:06.0272 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2010/12/19 09:27:06.0397 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2010/12/19 09:27:06.0459 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2010/12/19 09:27:06.0631 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2010/12/19 09:27:06.0693 volsnap (70f41d1ebdd9ee6ed2fd0fc05aa1fc13) C:\Windows\system32\DRIVERS\volsnap.sys 2010/12/19 09:27:06.0802 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys 2010/12/19 09:27:06.0911 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys 2010/12/19 09:27:07.0036 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys 2010/12/19 09:27:07.0208 vpcvmm (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys 2010/12/19 09:27:07.0348 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2010/12/19 09:27:07.0411 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2010/12/19 09:27:07.0535 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2010/12/19 09:27:07.0691 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 2010/12/19 09:27:07.0769 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2010/12/19 09:27:07.0910 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/19 09:27:07.0925 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/19 09:27:08.0097 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2010/12/19 09:27:08.0175 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2010/12/19 09:27:08.0378 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2010/12/19 09:27:08.0425 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2010/12/19 09:27:08.0581 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2010/12/19 09:27:08.0861 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys 2010/12/19 09:27:09.0095 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2010/12/19 09:27:09.0251 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/12/19 09:27:09.0345 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2010/12/19 09:27:09.0439 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/12/19 09:27:09.0641 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 2010/12/19 09:27:09.0922 ZTEusbmdm6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 2010/12/19 09:27:10.0047 ZTEusbnmea (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 2010/12/19 09:27:10.0109 ZTEusbser6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 2010/12/19 09:27:10.0203 ================================================================================ 2010/12/19 09:27:10.0203 Scan finished 2010/12/19 09:27:10.0203 ================================================================================ 2010/12/19 09:27:10.0219 Detected object count: 2 2010/12/19 09:55:40.0652 NetBT (bc1acb2feda26704285d15342270d264) C:\Windows\system32\DRIVERS\netbt.sys 2010/12/19 09:55:40.0652 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: bc1acb2feda26704285d15342270d264, Fake md5: dd52a733bf4ca5af84562a5e2f963b91 2010/12/19 09:55:40.0668 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine 2010/12/19 09:55:40.0668 Forged file(NetBT) - User select action: Quarantine 2010/12/19 09:55:40.0762 vbmaf29c (d88e4ab2589207e77d7e1113476b515f) C:\Windows\system32\drivers\vbmaf29c.sys 2010/12/19 09:55:40.0762 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: d88e4ab2589207e77d7e1113476b515f 2010/12/19 09:55:40.0762 C:\Windows\system32\drivers\vbmaf29c.sys - copied to quarantine 2010/12/19 09:55:40.0777 Locked service(vbmaf29c) - User select action: Quarantine
  10. Ran it again and quarantined the results. Here is the log: 2010/12/18 22:19:32.0968 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/18 22:19:32.0968 ================================================================================ 2010/12/18 22:19:32.0968 SystemInfo: 2010/12/18 22:19:32.0968 2010/12/18 22:19:32.0968 OS Version: 6.1.7600 ServicePack: 0.0 2010/12/18 22:19:32.0969 Product type: Workstation 2010/12/18 22:19:32.0969 ComputerName: ZERO 2010/12/18 22:19:32.0970 UserName: Jay 2010/12/18 22:19:32.0970 Windows directory: C:\Windows 2010/12/18 22:19:32.0970 System windows directory: C:\Windows 2010/12/18 22:19:32.0970 Processor architecture: Intel x86 2010/12/18 22:19:32.0970 Number of processors: 2 2010/12/18 22:19:32.0970 Page size: 0x1000 2010/12/18 22:19:32.0970 Boot type: Normal boot 2010/12/18 22:19:32.0970 ================================================================================ 2010/12/18 22:19:33.0445 Initialize success 2010/12/18 22:19:34.0577 ================================================================================ 2010/12/18 22:19:34.0577 Scan started 2010/12/18 22:19:34.0577 Mode: Manual; 2010/12/18 22:19:34.0577 ================================================================================ 2010/12/18 22:19:36.0458 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2010/12/18 22:19:36.0537 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2010/12/18 22:19:36.0662 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2010/12/18 22:19:36.0774 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2010/12/18 22:19:37.0003 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2010/12/18 22:19:37.0105 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2010/12/18 22:19:37.0264 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2010/12/18 22:19:37.0324 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2010/12/18 22:19:37.0578 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2010/12/18 22:19:37.0676 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2010/12/18 22:19:37.0847 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2010/12/18 22:19:37.0903 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2010/12/18 22:19:38.0143 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2010/12/18 22:19:38.0211 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2010/12/18 22:19:38.0298 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2010/12/18 22:19:38.0417 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2010/12/18 22:19:38.0487 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2010/12/18 22:19:38.0795 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2010/12/18 22:19:38.0964 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2010/12/18 22:19:39.0043 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2010/12/18 22:19:39.0293 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/12/18 22:19:39.0355 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2010/12/18 22:19:39.0600 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/12/18 22:19:39.0899 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2010/12/18 22:19:40.0053 avipbb (7cefb5eca1f711d0ab996c98b38a2d5a) C:\Windows\system32\DRIVERS\avipbb.sys 2010/12/18 22:19:40.0204 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2010/12/18 22:19:40.0479 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2010/12/18 22:19:40.0759 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys 2010/12/18 22:19:40.0887 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 2010/12/18 22:19:40.0997 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2010/12/18 22:19:41.0358 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2010/12/18 22:19:41.0458 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 2010/12/18 22:19:41.0513 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2010/12/18 22:19:41.0620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2010/12/18 22:19:41.0764 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2010/12/18 22:19:41.0898 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2010/12/18 22:19:41.0974 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2010/12/18 22:19:42.0029 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2010/12/18 22:19:42.0247 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys 2010/12/18 22:19:42.0425 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2010/12/18 22:19:42.0544 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 2010/12/18 22:19:42.0609 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys 2010/12/18 22:19:42.0737 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys 2010/12/18 22:19:42.0931 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys 2010/12/18 22:19:43.0139 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2010/12/18 22:19:43.0222 cdrom (656d1ec977e3c5316a62dbbe52cb9663) C:\Windows\system32\DRIVERS\cdrom.sys 2010/12/18 22:19:43.0362 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2010/12/18 22:19:43.0493 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2010/12/18 22:19:43.0700 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2010/12/18 22:19:43.0763 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2010/12/18 22:19:43.0868 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2010/12/18 22:19:43.0965 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2010/12/18 22:19:44.0158 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2010/12/18 22:19:44.0384 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2010/12/18 22:19:44.0578 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2010/12/18 22:19:44.0728 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2010/12/18 22:19:44.0859 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2010/12/18 22:19:44.0965 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2010/12/18 22:19:45.0191 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2010/12/18 22:19:45.0336 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys 2010/12/18 22:19:45.0595 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2010/12/18 22:19:45.0837 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2010/12/18 22:19:45.0968 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2010/12/18 22:19:46.0136 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2010/12/18 22:19:46.0196 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2010/12/18 22:19:46.0456 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2010/12/18 22:19:46.0748 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2010/12/18 22:19:46.0795 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2010/12/18 22:19:46.0853 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/12/18 22:19:47.0042 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2010/12/18 22:19:47.0272 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2010/12/18 22:19:47.0319 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2010/12/18 22:19:47.0393 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2010/12/18 22:19:47.0565 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2010/12/18 22:19:47.0691 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2010/12/18 22:19:47.0814 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2010/12/18 22:19:47.0952 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2010/12/18 22:19:48.0133 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/12/18 22:19:48.0198 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2010/12/18 22:19:48.0313 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2010/12/18 22:19:48.0407 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2010/12/18 22:19:48.0497 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2010/12/18 22:19:48.0707 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\Windows\system32\drivers\hitmanpro35.sys 2010/12/18 22:19:48.0888 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2010/12/18 22:19:49.0073 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2010/12/18 22:19:49.0279 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2010/12/18 22:19:49.0437 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2010/12/18 22:19:49.0501 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2010/12/18 22:19:49.0675 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/12/18 22:19:49.0893 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2010/12/18 22:19:49.0987 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2010/12/18 22:19:50.0160 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2010/12/18 22:19:50.0294 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2010/12/18 22:19:50.0464 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/12/18 22:19:50.0539 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2010/12/18 22:19:50.0666 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2010/12/18 22:19:50.0879 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2010/12/18 22:19:51.0049 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2010/12/18 22:19:51.0379 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/12/18 22:19:51.0587 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/12/18 22:19:51.0748 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/12/18 22:19:51.0839 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2010/12/18 22:19:51.0965 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2010/12/18 22:19:52.0203 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/12/18 22:19:52.0362 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2010/12/18 22:19:52.0452 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2010/12/18 22:19:52.0663 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2010/12/18 22:19:52.0874 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2010/12/18 22:19:53.0010 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2010/12/18 22:19:53.0164 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2010/12/18 22:19:53.0321 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2010/12/18 22:19:53.0422 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2010/12/18 22:19:53.0586 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2010/12/18 22:19:53.0911 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2010/12/18 22:19:54.0176 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2010/12/18 22:19:54.0294 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2010/12/18 22:19:54.0349 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2010/12/18 22:19:54.0500 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2010/12/18 22:19:54.0554 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2010/12/18 22:19:54.0625 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2010/12/18 22:19:54.0817 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/12/18 22:19:54.0893 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/12/18 22:19:55.0015 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/12/18 22:19:55.0126 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2010/12/18 22:19:55.0255 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2010/12/18 22:19:55.0368 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2010/12/18 22:19:55.0420 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2010/12/18 22:19:55.0469 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2010/12/18 22:19:55.0675 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2010/12/18 22:19:55.0782 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/12/18 22:19:55.0855 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2010/12/18 22:19:55.0912 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2010/12/18 22:19:55.0980 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/12/18 22:19:56.0168 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2010/12/18 22:19:56.0281 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2010/12/18 22:19:56.0335 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2010/12/18 22:19:56.0421 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2010/12/18 22:19:56.0640 NDIS (779e9149d3662ed6beb58a67e3c775f4) C:\Windows\system32\drivers\ndis.sys 2010/12/18 22:19:56.0837 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2010/12/18 22:19:56.0895 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/12/18 22:19:57.0097 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/12/18 22:19:57.0290 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/12/18 22:19:57.0355 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2010/12/18 22:19:57.0421 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2010/12/18 22:19:57.0591 NetBT (bc1acb2feda26704285d15342270d264) C:\Windows\system32\DRIVERS\netbt.sys 2010/12/18 22:19:57.0818 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2010/12/18 22:19:57.0972 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys 2010/12/18 22:19:58.0152 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys 2010/12/18 22:19:58.0386 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\Windows\system32\drivers\nmwcdnsu.sys 2010/12/18 22:19:58.0516 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\Windows\system32\drivers\nmwcdnsuc.sys 2010/12/18 22:19:58.0769 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2010/12/18 22:19:59.0204 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2010/12/18 22:19:59.0307 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2010/12/18 22:19:59.0397 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2010/12/18 22:19:59.0927 nvlddmkm (01544d3e8b6c8c490f57317ad5e4e9ff) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/12/18 22:20:00.0576 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2010/12/18 22:20:00.0663 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2010/12/18 22:20:00.0825 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2010/12/18 22:20:00.0988 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys 2010/12/18 22:20:01.0243 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys 2010/12/18 22:20:01.0351 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/12/18 22:20:01.0504 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2010/12/18 22:20:01.0553 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2010/12/18 22:20:01.0609 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2010/12/18 22:20:01.0867 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2010/12/18 22:20:02.0035 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2010/12/18 22:20:02.0096 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2010/12/18 22:20:02.0174 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/12/18 22:20:02.0340 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2010/12/18 22:20:02.0463 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2010/12/18 22:20:02.0711 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2010/12/18 22:20:02.0782 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2010/12/18 22:20:02.0978 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2010/12/18 22:20:03.0198 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2010/12/18 22:20:03.0362 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2010/12/18 22:20:03.0442 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2010/12/18 22:20:03.0619 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2010/12/18 22:20:03.0782 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2010/12/18 22:20:03.0923 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/12/18 22:20:04.0125 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/12/18 22:20:04.0245 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2010/12/18 22:20:04.0565 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2010/12/18 22:20:04.0625 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2010/12/18 22:20:04.0781 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/12/18 22:20:04.0845 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2010/12/18 22:20:04.0990 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2010/12/18 22:20:05.0487 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2010/12/18 22:20:05.0722 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2010/12/18 22:20:05.0795 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2010/12/18 22:20:05.0967 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2010/12/18 22:20:06.0104 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2010/12/18 22:20:06.0371 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2010/12/18 22:20:06.0490 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2010/12/18 22:20:06.0580 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2010/12/18 22:20:06.0644 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2010/12/18 22:20:06.0845 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys 2010/12/18 22:20:07.0026 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/12/18 22:20:07.0162 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2010/12/18 22:20:07.0252 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2010/12/18 22:20:07.0360 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2010/12/18 22:20:07.0614 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2010/12/18 22:20:07.0671 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2010/12/18 22:20:07.0778 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 2010/12/18 22:20:07.0922 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2010/12/18 22:20:08.0082 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2010/12/18 22:20:08.0186 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2010/12/18 22:20:08.0303 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2010/12/18 22:20:08.0434 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2010/12/18 22:20:08.0604 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2010/12/18 22:20:08.0805 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2010/12/18 22:20:08.0921 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2010/12/18 22:20:09.0148 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2010/12/18 22:20:09.0382 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2010/12/18 22:20:09.0520 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2010/12/18 22:20:09.0660 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2010/12/18 22:20:09.0848 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2010/12/18 22:20:10.0081 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys 2010/12/18 22:20:10.0278 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2010/12/18 22:20:10.0414 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys 2010/12/18 22:20:10.0596 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2010/12/18 22:20:10.0663 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2010/12/18 22:20:10.0929 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2010/12/18 22:20:11.0067 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys 2010/12/18 22:20:11.0379 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2010/12/18 22:20:11.0740 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2010/12/18 22:20:11.0869 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2010/12/18 22:20:11.0938 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2010/12/18 22:20:12.0109 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2010/12/18 22:20:12.0169 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2010/12/18 22:20:12.0301 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2010/12/18 22:20:12.0494 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/12/18 22:20:12.0698 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2010/12/18 22:20:12.0787 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2010/12/18 22:20:12.0921 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2010/12/18 22:20:13.0065 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2010/12/18 22:20:13.0223 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys 2010/12/18 22:20:13.0301 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2010/12/18 22:20:13.0513 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 2010/12/18 22:20:13.0700 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2010/12/18 22:20:13.0875 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/12/18 22:20:13.0937 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2010/12/18 22:20:14.0058 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2010/12/18 22:20:14.0209 usbhub (0db84eda895894ba222e27acf597c806) C:\Windows\system32\DRIVERS\usbhub.sys 2010/12/18 22:20:14.0391 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2010/12/18 22:20:14.0480 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2010/12/18 22:20:14.0643 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys 2010/12/18 22:20:14.0721 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 2010/12/18 22:20:14.0844 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/12/18 22:20:15.0019 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/12/18 22:20:15.0358 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys 2010/12/18 22:20:15.0387 Suspicious service (NoAccess): vbmaf29c 2010/12/18 22:20:15.0540 vbmaf29c (d88e4ab2589207e77d7e1113476b515f) C:\Windows\system32\drivers\vbmaf29c.sys 2010/12/18 22:20:15.0540 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: d88e4ab2589207e77d7e1113476b515f 2010/12/18 22:20:15.0551 vbmaf29c - detected Locked service (1) 2010/12/18 22:20:15.0813 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2010/12/18 22:20:15.0913 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/12/18 22:20:15.0974 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2010/12/18 22:20:16.0039 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2010/12/18 22:20:16.0285 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2010/12/18 22:20:16.0353 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2010/12/18 22:20:16.0432 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2010/12/18 22:20:16.0507 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2010/12/18 22:20:16.0579 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2010/12/18 22:20:16.0796 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2010/12/18 22:20:16.0854 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2010/12/18 22:20:16.0936 volsnap (70f41d1ebdd9ee6ed2fd0fc05aa1fc13) C:\Windows\system32\DRIVERS\volsnap.sys 2010/12/18 22:20:17.0003 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys 2010/12/18 22:20:17.0258 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys 2010/12/18 22:20:17.0371 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys 2010/12/18 22:20:17.0442 vpcvmm (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys 2010/12/18 22:20:17.0565 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2010/12/18 22:20:17.0768 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2010/12/18 22:20:17.0864 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2010/12/18 22:20:17.0951 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 2010/12/18 22:20:18.0040 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2010/12/18 22:20:18.0280 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/18 22:20:18.0300 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/18 22:20:18.0432 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2010/12/18 22:20:18.0506 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2010/12/18 22:20:18.0627 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2010/12/18 22:20:18.0821 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2010/12/18 22:20:18.0993 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2010/12/18 22:20:19.0194 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys 2010/12/18 22:20:19.0364 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2010/12/18 22:20:19.0584 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/12/18 22:20:19.0674 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2010/12/18 22:20:19.0727 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/12/18 22:20:19.0867 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 2010/12/18 22:20:20.0141 ZTEusbmdm6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 2010/12/18 22:20:20.0273 ZTEusbnmea (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 2010/12/18 22:20:20.0340 ZTEusbser6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 2010/12/18 22:20:20.0448 ================================================================================ 2010/12/18 22:20:20.0448 Scan finished 2010/12/18 22:20:20.0448 ================================================================================ 2010/12/18 22:20:20.0467 Detected object count: 1 2010/12/18 22:20:32.0275 vbmaf29c (d88e4ab2589207e77d7e1113476b515f) C:\Windows\system32\drivers\vbmaf29c.sys 2010/12/18 22:20:32.0276 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: d88e4ab2589207e77d7e1113476b515f 2010/12/18 22:20:32.0282 C:\Windows\system32\drivers\vbmaf29c.sys - copied to quarantine 2010/12/18 22:20:32.0285 Locked service(vbmaf29c) - User select action: Quarantine
  11. Combofix won't run...when I run it as administrator, it will start to install but when it fills up the bar it does nothing. It does create a folder named '32788R22FWJFW' in my C:\ drive. Is there an executable there that I can run?
  12. Still two threats, copied both to quarantine. Here's the new log: 2010/12/18 03:16:56.0939 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/18 03:16:56.0939 ================================================================================ 2010/12/18 03:16:56.0939 SystemInfo: 2010/12/18 03:16:56.0939 2010/12/18 03:16:56.0939 OS Version: 6.1.7600 ServicePack: 0.0 2010/12/18 03:16:56.0939 Product type: Workstation 2010/12/18 03:16:56.0939 ComputerName: ZERO 2010/12/18 03:16:56.0946 UserName: Jay 2010/12/18 03:16:56.0946 Windows directory: C:\Windows 2010/12/18 03:16:56.0946 System windows directory: C:\Windows 2010/12/18 03:16:56.0946 Processor architecture: Intel x86 2010/12/18 03:16:56.0946 Number of processors: 2 2010/12/18 03:16:56.0947 Page size: 0x1000 2010/12/18 03:16:56.0947 Boot type: Normal boot 2010/12/18 03:16:56.0947 ================================================================================ 2010/12/18 03:16:57.0396 Initialize success 2010/12/18 03:16:58.0398 ================================================================================ 2010/12/18 03:16:58.0398 Scan started 2010/12/18 03:16:58.0398 Mode: Manual; 2010/12/18 03:16:58.0398 ================================================================================ 2010/12/18 03:17:00.0480 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2010/12/18 03:17:00.0556 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2010/12/18 03:17:00.0684 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2010/12/18 03:17:00.0784 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2010/12/18 03:17:01.0013 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2010/12/18 03:17:01.0105 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2010/12/18 03:17:01.0264 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2010/12/18 03:17:01.0323 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2010/12/18 03:17:01.0578 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2010/12/18 03:17:01.0675 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2010/12/18 03:17:01.0791 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2010/12/18 03:17:01.0847 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2010/12/18 03:17:02.0087 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2010/12/18 03:17:02.0155 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2010/12/18 03:17:02.0297 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2010/12/18 03:17:02.0373 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2010/12/18 03:17:02.0431 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2010/12/18 03:17:02.0705 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2010/12/18 03:17:02.0864 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2010/12/18 03:17:02.0931 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2010/12/18 03:17:03.0182 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/12/18 03:17:03.0232 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2010/12/18 03:17:03.0466 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/12/18 03:17:03.0765 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2010/12/18 03:17:03.0817 avipbb (7cefb5eca1f711d0ab996c98b38a2d5a) C:\Windows\system32\DRIVERS\avipbb.sys 2010/12/18 03:17:04.0004 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2010/12/18 03:17:04.0274 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2010/12/18 03:17:04.0491 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys 2010/12/18 03:17:04.0609 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 2010/12/18 03:17:04.0764 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2010/12/18 03:17:04.0948 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2010/12/18 03:17:05.0026 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 2010/12/18 03:17:05.0080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2010/12/18 03:17:05.0142 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2010/12/18 03:17:05.0309 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2010/12/18 03:17:05.0599 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2010/12/18 03:17:05.0661 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2010/12/18 03:17:05.0718 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2010/12/18 03:17:05.0888 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys 2010/12/18 03:17:05.0993 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2010/12/18 03:17:06.0155 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 2010/12/18 03:17:06.0228 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys 2010/12/18 03:17:06.0393 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys 2010/12/18 03:17:06.0521 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys 2010/12/18 03:17:06.0762 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2010/12/18 03:17:06.0900 cdrom (656d1ec977e3c5316a62dbbe52cb9663) C:\Windows\system32\DRIVERS\cdrom.sys 2010/12/18 03:17:06.0975 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2010/12/18 03:17:07.0092 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2010/12/18 03:17:07.0344 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2010/12/18 03:17:07.0453 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2010/12/18 03:17:07.0502 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2010/12/18 03:17:07.0577 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2010/12/18 03:17:07.0625 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2010/12/18 03:17:07.0874 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2010/12/18 03:17:08.0012 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2010/12/18 03:17:08.0095 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2010/12/18 03:17:08.0193 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2010/12/18 03:17:08.0377 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2010/12/18 03:17:08.0569 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2010/12/18 03:17:08.0647 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys 2010/12/18 03:17:08.0854 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2010/12/18 03:17:09.0114 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2010/12/18 03:17:09.0224 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2010/12/18 03:17:09.0359 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2010/12/18 03:17:09.0408 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2010/12/18 03:17:09.0590 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2010/12/18 03:17:09.0715 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2010/12/18 03:17:09.0818 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2010/12/18 03:17:09.0876 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/12/18 03:17:10.0009 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2010/12/18 03:17:10.0183 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2010/12/18 03:17:10.0286 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2010/12/18 03:17:10.0338 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2010/12/18 03:17:10.0465 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2010/12/18 03:17:10.0758 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2010/12/18 03:17:10.0982 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2010/12/18 03:17:11.0108 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2010/12/18 03:17:11.0242 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/12/18 03:17:11.0409 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2010/12/18 03:17:11.0525 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2010/12/18 03:17:11.0597 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2010/12/18 03:17:11.0764 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2010/12/18 03:17:12.0074 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\Windows\system32\drivers\hitmanpro35.sys 2010/12/18 03:17:12.0211 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2010/12/18 03:17:12.0362 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2010/12/18 03:17:12.0646 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2010/12/18 03:17:12.0780 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2010/12/18 03:17:12.0835 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2010/12/18 03:17:13.0063 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/12/18 03:17:13.0205 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2010/12/18 03:17:13.0277 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2010/12/18 03:17:13.0527 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2010/12/18 03:17:13.0685 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2010/12/18 03:17:13.0754 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/12/18 03:17:13.0829 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2010/12/18 03:17:14.0111 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2010/12/18 03:17:14.0202 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2010/12/18 03:17:14.0246 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2010/12/18 03:17:14.0510 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/12/18 03:17:14.0641 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/12/18 03:17:14.0693 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/12/18 03:17:14.0895 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2010/12/18 03:17:15.0077 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2010/12/18 03:17:15.0225 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/12/18 03:17:15.0318 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2010/12/18 03:17:15.0508 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2010/12/18 03:17:15.0647 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2010/12/18 03:17:15.0708 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2010/12/18 03:17:15.0843 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2010/12/18 03:17:16.0119 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2010/12/18 03:17:16.0242 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2010/12/18 03:17:16.0355 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2010/12/18 03:17:16.0444 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2010/12/18 03:17:16.0566 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2010/12/18 03:17:16.0709 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2010/12/18 03:17:16.0849 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2010/12/18 03:17:16.0949 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2010/12/18 03:17:17.0066 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2010/12/18 03:17:17.0188 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2010/12/18 03:17:17.0258 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2010/12/18 03:17:17.0371 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/12/18 03:17:17.0426 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/12/18 03:17:17.0537 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/12/18 03:17:17.0725 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2010/12/18 03:17:17.0799 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2010/12/18 03:17:17.0879 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2010/12/18 03:17:17.0930 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2010/12/18 03:17:18.0035 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2010/12/18 03:17:18.0252 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2010/12/18 03:17:18.0314 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/12/18 03:17:18.0388 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2010/12/18 03:17:18.0445 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2010/12/18 03:17:18.0557 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/12/18 03:17:18.0623 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2010/12/18 03:17:18.0803 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2010/12/18 03:17:18.0856 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2010/12/18 03:17:18.0943 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2010/12/18 03:17:19.0103 NDIS (779e9149d3662ed6beb58a67e3c775f4) C:\Windows\system32\drivers\ndis.sys 2010/12/18 03:17:19.0292 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2010/12/18 03:17:19.0361 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/12/18 03:17:19.0419 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/12/18 03:17:19.0533 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/12/18 03:17:19.0710 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2010/12/18 03:17:19.0776 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2010/12/18 03:17:19.0835 NetBT (bc1acb2feda26704285d15342270d264) C:\Windows\system32\DRIVERS\netbt.sys 2010/12/18 03:17:19.0837 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: bc1acb2feda26704285d15342270d264, Fake md5: dd52a733bf4ca5af84562a5e2f963b91 2010/12/18 03:17:19.0845 NetBT - detected Forged file (1) 2010/12/18 03:17:20.0129 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2010/12/18 03:17:20.0327 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys 2010/12/18 03:17:20.0406 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys 2010/12/18 03:17:20.0596 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\Windows\system32\drivers\nmwcdnsu.sys 2010/12/18 03:17:20.0694 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\Windows\system32\drivers\nmwcdnsuc.sys 2010/12/18 03:17:20.0891 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2010/12/18 03:17:21.0321 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2010/12/18 03:17:21.0575 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2010/12/18 03:17:21.0629 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2010/12/18 03:17:22.0084 nvlddmkm (01544d3e8b6c8c490f57317ad5e4e9ff) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/12/18 03:17:22.0266 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2010/12/18 03:17:22.0419 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2010/12/18 03:17:22.0559 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2010/12/18 03:17:22.0712 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys 2010/12/18 03:17:22.0821 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys 2010/12/18 03:17:22.0963 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/12/18 03:17:23.0127 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2010/12/18 03:17:23.0176 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2010/12/18 03:17:23.0243 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2010/12/18 03:17:23.0523 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2010/12/18 03:17:23.0647 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2010/12/18 03:17:23.0708 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2010/12/18 03:17:23.0786 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/12/18 03:17:23.0941 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2010/12/18 03:17:24.0029 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2010/12/18 03:17:24.0244 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2010/12/18 03:17:24.0316 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2010/12/18 03:17:24.0501 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2010/12/18 03:17:24.0635 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2010/12/18 03:17:24.0784 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2010/12/18 03:17:24.0853 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2010/12/18 03:17:24.0975 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2010/12/18 03:17:25.0105 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2010/12/18 03:17:25.0179 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/12/18 03:17:25.0315 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/12/18 03:17:25.0423 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2010/12/18 03:17:25.0488 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2010/12/18 03:17:25.0604 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2010/12/18 03:17:25.0671 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/12/18 03:17:25.0800 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2010/12/18 03:17:25.0925 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2010/12/18 03:17:25.0988 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2010/12/18 03:17:26.0089 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2010/12/18 03:17:26.0229 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2010/12/18 03:17:26.0456 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2010/12/18 03:17:26.0637 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2010/12/18 03:17:26.0793 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2010/12/18 03:17:26.0923 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2010/12/18 03:17:27.0102 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2010/12/18 03:17:27.0167 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2010/12/18 03:17:27.0323 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys 2010/12/18 03:17:27.0515 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/12/18 03:17:27.0707 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2010/12/18 03:17:27.0785 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2010/12/18 03:17:27.0860 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2010/12/18 03:17:28.0089 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2010/12/18 03:17:28.0250 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2010/12/18 03:17:28.0323 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 2010/12/18 03:17:28.0444 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2010/12/18 03:17:28.0526 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2010/12/18 03:17:28.0664 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2010/12/18 03:17:28.0815 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2010/12/18 03:17:28.0901 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2010/12/18 03:17:29.0213 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2010/12/18 03:17:29.0473 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2010/12/18 03:17:29.0731 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2010/12/18 03:17:29.0860 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2010/12/18 03:17:29.0982 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2010/12/18 03:17:30.0156 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2010/12/18 03:17:30.0293 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2010/12/18 03:17:30.0449 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2010/12/18 03:17:30.0582 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys 2010/12/18 03:17:30.0790 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2010/12/18 03:17:30.0980 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys 2010/12/18 03:17:31.0062 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2010/12/18 03:17:31.0140 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2010/12/18 03:17:31.0206 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2010/12/18 03:17:31.0389 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys 2010/12/18 03:17:31.0627 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2010/12/18 03:17:31.0771 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2010/12/18 03:17:31.0913 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2010/12/18 03:17:32.0025 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2010/12/18 03:17:32.0141 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2010/12/18 03:17:32.0231 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2010/12/18 03:17:32.0310 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2010/12/18 03:17:32.0471 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/12/18 03:17:32.0653 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2010/12/18 03:17:32.0775 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2010/12/18 03:17:32.0854 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2010/12/18 03:17:33.0005 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2010/12/18 03:17:33.0178 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys 2010/12/18 03:17:33.0278 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2010/12/18 03:17:33.0412 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 2010/12/18 03:17:33.0533 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2010/12/18 03:17:33.0686 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/12/18 03:17:33.0803 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2010/12/18 03:17:33.0880 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2010/12/18 03:17:33.0976 usbhub (0db84eda895894ba222e27acf597c806) C:\Windows\system32\DRIVERS\usbhub.sys 2010/12/18 03:17:34.0191 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2010/12/18 03:17:34.0401 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2010/12/18 03:17:34.0565 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys 2010/12/18 03:17:34.0709 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 2010/12/18 03:17:34.0754 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/12/18 03:17:34.0863 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/12/18 03:17:35.0047 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys 2010/12/18 03:17:35.0098 Suspicious service (NoAccess): vbmaf29c 2010/12/18 03:17:35.0283 vbmaf29c (d88e4ab2589207e77d7e1113476b515f) C:\Windows\system32\drivers\vbmaf29c.sys 2010/12/18 03:17:35.0284 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: d88e4ab2589207e77d7e1113476b515f 2010/12/18 03:17:35.0295 vbmaf29c - detected Locked service (1) 2010/12/18 03:17:35.0412 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2010/12/18 03:17:35.0557 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/12/18 03:17:35.0618 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2010/12/18 03:17:35.0739 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2010/12/18 03:17:35.0873 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2010/12/18 03:17:35.0986 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2010/12/18 03:17:36.0053 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2010/12/18 03:17:36.0195 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2010/12/18 03:17:36.0267 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2010/12/18 03:17:36.0395 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2010/12/18 03:17:36.0509 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2010/12/18 03:17:36.0580 volsnap (70f41d1ebdd9ee6ed2fd0fc05aa1fc13) C:\Windows\system32\DRIVERS\volsnap.sys 2010/12/18 03:17:36.0702 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys 2010/12/18 03:17:36.0835 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys 2010/12/18 03:17:37.0059 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys 2010/12/18 03:17:37.0185 vpcvmm (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys 2010/12/18 03:17:37.0309 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2010/12/18 03:17:37.0404 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2010/12/18 03:17:37.0508 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2010/12/18 03:17:37.0584 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 2010/12/18 03:17:37.0739 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2010/12/18 03:17:37.0879 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/18 03:17:37.0908 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/18 03:17:38.0109 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2010/12/18 03:17:38.0183 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2010/12/18 03:17:38.0359 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2010/12/18 03:17:38.0442 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2010/12/18 03:17:38.0591 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2010/12/18 03:17:38.0815 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys 2010/12/18 03:17:38.0963 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2010/12/18 03:17:39.0119 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/12/18 03:17:39.0296 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2010/12/18 03:17:39.0405 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/12/18 03:17:39.0623 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 2010/12/18 03:17:39.0785 ZTEusbmdm6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 2010/12/18 03:17:39.0910 ZTEusbnmea (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 2010/12/18 03:17:40.0255 ZTEusbser6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 2010/12/18 03:17:40.0370 ================================================================================ 2010/12/18 03:17:40.0370 Scan finished 2010/12/18 03:17:40.0370 ================================================================================ 2010/12/18 03:17:40.0389 Detected object count: 2 2010/12/18 03:17:45.0162 NetBT (bc1acb2feda26704285d15342270d264) C:\Windows\system32\DRIVERS\netbt.sys 2010/12/18 03:17:45.0163 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: bc1acb2feda26704285d15342270d264, Fake md5: dd52a733bf4ca5af84562a5e2f963b91 2010/12/18 03:17:45.0170 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine 2010/12/18 03:17:45.0174 Forged file(NetBT) - User select action: Quarantine 2010/12/18 03:17:45.0274 vbmaf29c (d88e4ab2589207e77d7e1113476b515f) C:\Windows\system32\drivers\vbmaf29c.sys 2010/12/18 03:17:45.0274 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: d88e4ab2589207e77d7e1113476b515f 2010/12/18 03:17:45.0278 C:\Windows\system32\drivers\vbmaf29c.sys - copied to quarantine 2010/12/18 03:17:45.0281 Locked service(vbmaf29c) - User select action: Quarantine
  13. Hi LDTate! Thanks so much for replying. Followed the instructions to the letter. When I ran TDSSKiller, it only detected 2 threats as I posted before: a forged service (NetBT) and a locked service (C:\Windows\system32\drivers\vbmaf29c.sys). The only options were Skip, Copy to Quarantine and Delete but I chose to skip. My computer is actually behaving OK at the moment. I can still surf the net, but sometimes it redirects to other websites when I click valid Google search results as well as closing MBAM, HJT, my antivirus (Avira) and other programs that can help remove Malware as soon as they start to scan. After that, I can't access the program. When I try to reinstall MBAM for example, it will work and update and then when I start to scan, it will close again suddenly. Sometimes, there's a cmd window that pops out when it closes anti-malware programs but all I can get was 'SUCCESS' because it automatically closes. I also can't rename/delete files that were closed that way saying I don't have permission..but this is my admin account. Here is the copy of the TDSSKiller log: 2010/12/18 02:45:08.0391 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/18 02:45:08.0391 ================================================================================ 2010/12/18 02:45:08.0391 SystemInfo: 2010/12/18 02:45:08.0391 2010/12/18 02:45:08.0391 OS Version: 6.1.7600 ServicePack: 0.0 2010/12/18 02:45:08.0391 Product type: Workstation 2010/12/18 02:45:08.0391 ComputerName: ZERO 2010/12/18 02:45:08.0407 UserName: Jay 2010/12/18 02:45:08.0407 Windows directory: C:\Windows 2010/12/18 02:45:08.0407 System windows directory: C:\Windows 2010/12/18 02:45:08.0407 Processor architecture: Intel x86 2010/12/18 02:45:08.0407 Number of processors: 2 2010/12/18 02:45:08.0407 Page size: 0x1000 2010/12/18 02:45:08.0407 Boot type: Normal boot 2010/12/18 02:45:08.0407 ================================================================================ 2010/12/18 02:45:08.0859 Initialize success 2010/12/18 02:45:10.0294 ================================================================================ 2010/12/18 02:45:10.0294 Scan started 2010/12/18 02:45:10.0294 Mode: Manual; 2010/12/18 02:45:10.0294 ================================================================================ 2010/12/18 02:45:12.0775 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2010/12/18 02:45:12.0900 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2010/12/18 02:45:12.0993 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2010/12/18 02:45:13.0087 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2010/12/18 02:45:13.0290 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2010/12/18 02:45:13.0414 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2010/12/18 02:45:13.0508 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2010/12/18 02:45:13.0570 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2010/12/18 02:45:13.0820 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2010/12/18 02:45:13.0960 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2010/12/18 02:45:14.0101 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2010/12/18 02:45:14.0163 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2010/12/18 02:45:14.0350 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2010/12/18 02:45:14.0460 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2010/12/18 02:45:14.0584 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2010/12/18 02:45:14.0662 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2010/12/18 02:45:14.0725 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2010/12/18 02:45:14.0990 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2010/12/18 02:45:15.0177 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2010/12/18 02:45:15.0240 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2010/12/18 02:45:15.0474 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/12/18 02:45:15.0520 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2010/12/18 02:45:15.0739 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/12/18 02:45:15.0926 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2010/12/18 02:45:16.0082 avipbb (7cefb5eca1f711d0ab996c98b38a2d5a) C:\Windows\system32\DRIVERS\avipbb.sys 2010/12/18 02:45:16.0222 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2010/12/18 02:45:16.0394 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2010/12/18 02:45:16.0706 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys 2010/12/18 02:45:16.0893 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 2010/12/18 02:45:17.0065 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2010/12/18 02:45:17.0252 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2010/12/18 02:45:17.0346 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 2010/12/18 02:45:17.0392 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2010/12/18 02:45:17.0580 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2010/12/18 02:45:17.0782 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2010/12/18 02:45:17.0876 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2010/12/18 02:45:17.0954 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2010/12/18 02:45:18.0126 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2010/12/18 02:45:18.0313 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys 2010/12/18 02:45:18.0360 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2010/12/18 02:45:18.0406 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 2010/12/18 02:45:18.0484 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys 2010/12/18 02:45:18.0625 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys 2010/12/18 02:45:18.0859 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys 2010/12/18 02:45:18.0984 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2010/12/18 02:45:19.0140 cdrom (656d1ec977e3c5316a62dbbe52cb9663) C:\Windows\system32\DRIVERS\cdrom.sys 2010/12/18 02:45:19.0327 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2010/12/18 02:45:19.0452 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2010/12/18 02:45:19.0608 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2010/12/18 02:45:19.0717 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2010/12/18 02:45:19.0888 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2010/12/18 02:45:19.0966 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2010/12/18 02:45:20.0122 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2010/12/18 02:45:20.0544 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2010/12/18 02:45:20.0762 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2010/12/18 02:45:20.0856 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2010/12/18 02:45:20.0918 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2010/12/18 02:45:21.0121 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2010/12/18 02:45:21.0370 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2010/12/18 02:45:21.0448 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys 2010/12/18 02:45:21.0760 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2010/12/18 02:45:22.0104 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2010/12/18 02:45:22.0306 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2010/12/18 02:45:22.0400 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2010/12/18 02:45:22.0525 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2010/12/18 02:45:22.0681 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2010/12/18 02:45:22.0946 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2010/12/18 02:45:23.0164 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2010/12/18 02:45:23.0274 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/12/18 02:45:23.0383 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2010/12/18 02:45:23.0570 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2010/12/18 02:45:23.0632 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2010/12/18 02:45:23.0742 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2010/12/18 02:45:23.0866 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2010/12/18 02:45:24.0054 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2010/12/18 02:45:24.0178 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2010/12/18 02:45:24.0350 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2010/12/18 02:45:24.0475 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/12/18 02:45:24.0615 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2010/12/18 02:45:24.0724 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2010/12/18 02:45:24.0849 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2010/12/18 02:45:24.0990 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2010/12/18 02:45:25.0192 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\Windows\system32\drivers\hitmanpro35.sys 2010/12/18 02:45:25.0426 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2010/12/18 02:45:25.0629 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2010/12/18 02:45:25.0863 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2010/12/18 02:45:26.0066 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2010/12/18 02:45:26.0144 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2010/12/18 02:45:26.0269 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/12/18 02:45:26.0394 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2010/12/18 02:45:26.0518 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2010/12/18 02:45:26.0612 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2010/12/18 02:45:26.0752 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2010/12/18 02:45:26.0862 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/12/18 02:45:27.0002 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2010/12/18 02:45:27.0064 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2010/12/18 02:45:27.0220 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2010/12/18 02:45:27.0345 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2010/12/18 02:45:27.0470 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/12/18 02:45:27.0595 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/12/18 02:45:27.0735 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/12/18 02:45:27.0844 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2010/12/18 02:45:27.0969 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2010/12/18 02:45:28.0125 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2010/12/18 02:45:28.0328 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2010/12/18 02:45:28.0500 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2010/12/18 02:45:28.0578 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2010/12/18 02:45:28.0640 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2010/12/18 02:45:28.0749 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2010/12/18 02:45:28.0968 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2010/12/18 02:45:29.0139 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2010/12/18 02:45:29.0264 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2010/12/18 02:45:29.0342 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2010/12/18 02:45:29.0482 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2010/12/18 02:45:29.0654 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2010/12/18 02:45:29.0794 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2010/12/18 02:45:29.0857 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2010/12/18 02:45:29.0982 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2010/12/18 02:45:30.0153 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2010/12/18 02:45:30.0262 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2010/12/18 02:45:30.0403 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/12/18 02:45:30.0512 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/12/18 02:45:30.0699 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/12/18 02:45:30.0808 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2010/12/18 02:45:30.0871 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2010/12/18 02:45:30.0949 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2010/12/18 02:45:31.0058 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2010/12/18 02:45:31.0120 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2010/12/18 02:45:31.0354 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2010/12/18 02:45:31.0401 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/12/18 02:45:31.0464 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2010/12/18 02:45:31.0526 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2010/12/18 02:45:31.0651 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/12/18 02:45:31.0885 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2010/12/18 02:45:31.0932 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2010/12/18 02:45:31.0994 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2010/12/18 02:45:32.0072 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2010/12/18 02:45:32.0244 NDIS (779e9149d3662ed6beb58a67e3c775f4) C:\Windows\system32\drivers\ndis.sys 2010/12/18 02:45:32.0478 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2010/12/18 02:45:32.0556 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/12/18 02:45:32.0665 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/12/18 02:45:32.0774 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/12/18 02:45:32.0836 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2010/12/18 02:45:33.0055 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2010/12/18 02:45:33.0102 NetBT (bc1acb2feda26704285d15342270d264) C:\Windows\system32\DRIVERS\netbt.sys 2010/12/18 02:45:33.0102 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: bc1acb2feda26704285d15342270d264, Fake md5: dd52a733bf4ca5af84562a5e2f963b91 2010/12/18 02:45:33.0117 NetBT - detected Forged file (1) 2010/12/18 02:45:33.0273 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2010/12/18 02:45:33.0429 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys 2010/12/18 02:45:33.0648 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys 2010/12/18 02:45:33.0835 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\Windows\system32\drivers\nmwcdnsu.sys 2010/12/18 02:45:33.0960 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\Windows\system32\drivers\nmwcdnsuc.sys 2010/12/18 02:45:34.0412 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2010/12/18 02:45:34.0677 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2010/12/18 02:45:34.0974 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2010/12/18 02:45:35.0114 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2010/12/18 02:45:35.0598 nvlddmkm (01544d3e8b6c8c490f57317ad5e4e9ff) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/12/18 02:45:35.0754 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2010/12/18 02:45:36.0035 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2010/12/18 02:45:36.0222 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2010/12/18 02:45:36.0471 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys 2010/12/18 02:45:36.0627 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys 2010/12/18 02:45:36.0815 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/12/18 02:45:37.0033 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2010/12/18 02:45:37.0080 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2010/12/18 02:45:37.0205 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2010/12/18 02:45:37.0392 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2010/12/18 02:45:37.0563 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2010/12/18 02:45:37.0626 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2010/12/18 02:45:37.0735 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/12/18 02:45:37.0829 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2010/12/18 02:45:37.0907 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2010/12/18 02:45:38.0219 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2010/12/18 02:45:38.0328 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2010/12/18 02:45:38.0515 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2010/12/18 02:45:38.0624 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2010/12/18 02:45:38.0858 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2010/12/18 02:45:38.0952 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2010/12/18 02:45:39.0092 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2010/12/18 02:45:39.0264 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2010/12/18 02:45:39.0498 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/12/18 02:45:39.0576 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/12/18 02:45:39.0732 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2010/12/18 02:45:39.0794 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2010/12/18 02:45:39.0857 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2010/12/18 02:45:40.0028 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/12/18 02:45:40.0137 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2010/12/18 02:45:40.0309 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2010/12/18 02:45:40.0449 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2010/12/18 02:45:40.0637 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2010/12/18 02:45:40.0715 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2010/12/18 02:45:40.0917 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2010/12/18 02:45:41.0027 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2010/12/18 02:45:41.0261 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2010/12/18 02:45:41.0417 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2010/12/18 02:45:41.0510 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2010/12/18 02:45:41.0573 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2010/12/18 02:45:41.0713 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys 2010/12/18 02:45:41.0916 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/12/18 02:45:42.0103 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2010/12/18 02:45:42.0181 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2010/12/18 02:45:42.0243 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2010/12/18 02:45:42.0477 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2010/12/18 02:45:42.0540 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2010/12/18 02:45:42.0696 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 2010/12/18 02:45:42.0805 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2010/12/18 02:45:42.0883 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2010/12/18 02:45:43.0039 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2010/12/18 02:45:43.0117 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2010/12/18 02:45:43.0289 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2010/12/18 02:45:43.0429 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2010/12/18 02:45:43.0647 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2010/12/18 02:45:43.0741 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2010/12/18 02:45:43.0913 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2010/12/18 02:45:44.0053 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2010/12/18 02:45:44.0318 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2010/12/18 02:45:44.0490 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2010/12/18 02:45:44.0615 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2010/12/18 02:45:44.0802 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys 2010/12/18 02:45:44.0973 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2010/12/18 02:45:45.0114 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys 2010/12/18 02:45:45.0192 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2010/12/18 02:45:45.0332 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2010/12/18 02:45:45.0395 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2010/12/18 02:45:45.0660 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys 2010/12/18 02:45:45.0847 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2010/12/18 02:45:46.0299 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2010/12/18 02:45:46.0455 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2010/12/18 02:45:46.0533 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2010/12/18 02:45:46.0596 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2010/12/18 02:45:46.0705 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2010/12/18 02:45:46.0783 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2010/12/18 02:45:46.0970 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/12/18 02:45:47.0048 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2010/12/18 02:45:47.0111 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2010/12/18 02:45:47.0251 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2010/12/18 02:45:47.0391 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2010/12/18 02:45:47.0501 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys 2010/12/18 02:45:47.0563 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2010/12/18 02:45:47.0766 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 2010/12/18 02:45:47.0891 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2010/12/18 02:45:48.0062 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/12/18 02:45:48.0125 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2010/12/18 02:45:48.0171 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2010/12/18 02:45:48.0327 usbhub (0db84eda895894ba222e27acf597c806) C:\Windows\system32\DRIVERS\usbhub.sys 2010/12/18 02:45:48.0452 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2010/12/18 02:45:48.0624 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2010/12/18 02:45:48.0717 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys 2010/12/18 02:45:48.0858 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 2010/12/18 02:45:48.0983 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/12/18 02:45:49.0139 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/12/18 02:45:49.0279 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys 2010/12/18 02:45:49.0326 Suspicious service (NoAccess): vbmaf29c 2010/12/18 02:45:49.0513 vbmaf29c (d88e4ab2589207e77d7e1113476b515f) C:\Windows\system32\drivers\vbmaf29c.sys 2010/12/18 02:45:49.0513 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: d88e4ab2589207e77d7e1113476b515f 2010/12/18 02:45:49.0529 vbmaf29c - detected Locked service (1) 2010/12/18 02:45:49.0700 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2010/12/18 02:45:49.0778 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/12/18 02:45:49.0841 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2010/12/18 02:45:49.0981 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2010/12/18 02:45:50.0075 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2010/12/18 02:45:50.0231 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2010/12/18 02:45:50.0309 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2010/12/18 02:45:50.0371 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2010/12/18 02:45:50.0511 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2010/12/18 02:45:50.0574 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2010/12/18 02:45:50.0652 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2010/12/18 02:45:50.0823 volsnap (70f41d1ebdd9ee6ed2fd0fc05aa1fc13) C:\Windows\system32\DRIVERS\volsnap.sys 2010/12/18 02:45:50.0870 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys 2010/12/18 02:45:51.0011 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys 2010/12/18 02:45:51.0135 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys 2010/12/18 02:45:51.0307 vpcvmm (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys 2010/12/18 02:45:51.0385 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2010/12/18 02:45:51.0525 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2010/12/18 02:45:51.0603 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2010/12/18 02:45:51.0759 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 2010/12/18 02:45:51.0837 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2010/12/18 02:45:51.0900 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/18 02:45:51.0931 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/18 02:45:52.0196 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2010/12/18 02:45:52.0383 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2010/12/18 02:45:52.0508 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2010/12/18 02:45:52.0649 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2010/12/18 02:45:52.0789 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2010/12/18 02:45:53.0101 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys 2010/12/18 02:45:53.0273 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2010/12/18 02:45:53.0382 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2010/12/18 02:45:53.0460 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2010/12/18 02:45:53.0507 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/12/18 02:45:53.0787 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 2010/12/18 02:45:54.0037 ZTEusbmdm6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 2010/12/18 02:45:54.0224 ZTEusbnmea (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 2010/12/18 02:45:54.0318 ZTEusbser6k (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 2010/12/18 02:45:54.0474 ================================================================================ 2010/12/18 02:45:54.0474 Scan finished 2010/12/18 02:45:54.0474 ================================================================================ 2010/12/18 02:45:54.0489 Detected object count: 2 2010/12/18 02:46:28.0716 Forged file(NetBT) - User select action: Skip 2010/12/18 02:46:28.0716 Locked service(vbmaf29c) - User select action: Skip
  14. Dear all, I'm sort of at wits end. About a day before, I borrowed a thumb drive from work because I needed to edit some files from work but when I plugged it in, some .lnk files started appearing and my antivirus (Avira Free) started to quarantine/deny access to some of the files. After a while, I thought it solved the problem but now I find my Google searches being redirected to some other search sites and that's when I tried to sort it out. I am also running Windows 7, if that affects anything because most of the fixes are for XP or Vista. Searched around the net and then came upon this site and read the 'I'm infected - What do I do now?' post tried every step but I'm encountering problems: 1. MBAM installs and updates but when I try to scan, it suddenly quits then I can't access it anymore with this error: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." 2. Avira won't run any system scans. It says avscan.exe cannot be found, modified or has been destroyed AVADMIN.EXE cannot be started 3. Ran DeFogger and the first time, it displayed the Finished dialog box. I tried it again and it posted this log: defogger_disable by jpshortstuff (23.02.10.1) Log created at 22:30 on 15/12/2010 (Jay) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Unable to read vbmaf29c.sys -=E.O.F=- 4. I ran DDS and it worked. DDS.txt copied and pasted below and logs attached. DDS (Ver_10-12-12.02) - NTFSx86 Run by Jay at 22:31:00.29 on Wed 12/15/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2139 [GMT 8:00] AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe "\\.\globalroot\Device\svchost.exe\svchost.exe" C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\aestsrv.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\SupportAppXL\cdrom_mon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\conhost.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Windows\system32\STacSV.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\OEM02Mon.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Computer Alarm Clock\cac.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Citrus Alarm Clock\citrusac.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\Jay\Desktop\Defogger.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Jay\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com mStart Page = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = *.local BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [steam] "c:\l4d2\steam\steam.exe" -silent uRun: [Citrus Alarm Clock] c:\program files\citrus alarm clock\citrusac.exe uRun: [<NO NAME>] uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Computer Alarm Clock] c:\progra~1\comput~1\cac.exe mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\jay\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) dPolicies-explorer: NoResolveTrack = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\jay\appdata\roaming\mozilla\firefox\profiles\4fdx8hf7.default user\ FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npocxcon.dll FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\jay\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll FF - plugin: c:\users\jay\appdata\roaming\facebook\npfbplugin_1_0_3.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-8 11608] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-1-8 73728] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-8 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-8 267944] R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2009-10-11 81920] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-8 61960] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736] R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-15 38224] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400] =============== Created Last 30 ================ 2010-12-15 13:13:49 -------- d-----w- c:\users\jay\appdata\roaming\Malwarebytes 2010-12-15 13:13:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-15 13:13:43 -------- d-----w- c:\progra~2\Malwarebytes 2010-12-15 13:13:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-15 13:13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-15 13:06:24 -------- d-----w- c:\program files\Trend Micro 2010-12-14 19:14:35 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a28e4d12-ce53-4421-b290-d01b06cb2db8}\mpengine.dll 2010-12-13 12:13:01 -------- d-----w- c:\users\jay\appdata\roaming\Avira 2010-11-24 12:13:02 7680 ----a-w- c:\program files\internet explorer\iecompat.dll 2010-11-23 23:10:07 -------- d-----w- c:\program files\iPod 2010-11-23 23:10:06 -------- d-----w- c:\program files\iTunes ==================== Find3M ==================== 2010-10-19 02:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-28 07:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7600 Disk: FUJITSU_MHY2080BH rev.0085000B -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x902B8119]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; PUSH EBX; PUSH ESI; PUSH EDI; CMP EAX, [0x902bb858]; JNZ 0x1f; MOV EBX, [EBP+0xc]; CALL 0xfffffffffffffd3b; } 1 ntkrnlpa!IofCallDriver[0x82C47AB6] -> \Device\Harddisk0\DR0[0x8618C030] 3 CLASSPNP[0x8B3B259E] -> ntkrnlpa!IofCallDriver[0x82C47AB6] -> [0x8632FE50] \Driver\Disk[0x86312D98] -> IRP_MJ_CREATE -> 0x902B8119 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; } user & kernel MBR OK ============= FINISH: 22:31:51.58 =============== 5. GMER Rootkit Scanner runs then detects a potential rootkit: vbmaf29c.sys; I then click NO as instructed and uncheck the boxes then click Scan and it just quits so no ark.txt... PS: I also tried these: Tried running HiJackThis and it also quits after trying to scan. Same error with MBAM when I try to access it again. Running combofix, a renamed combofix. They both don't output anything. TDSSKiller.exe from Kaspersky and it detectected a forged service (NetBT) and a locked service (C:\Windows\system32\drivers\vbmaf29c.sys). RootRepeal outputs the error when I try to scan something: FOPS - DeviceIoControl Error! Error Code = 0x0000024 Extended Info (0x00000140) -- Thanks for helping! Attach.zip