Hi,

I followed "Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs". bazquemaster (Sep 27 2010, 01:42 PM) started that discussion. Long story short, my computer got infected by the antivirus 2010 and the symptom is very close to what bazquemaster has described.

Here is what I have done.

1. Tried rkill and exehelper and none of them killed any running process. The only thing I notice is that the "your computer is infected" message disappears from the background, but the antivirus 2010 console still runs.

2. Tried ComboFix, but the command window displayed "access denied" each time ComboFix tried to do something. In the end, I saw 7 "access denied" messages and the command window just sat there doing nothing (after 1 hour).

3. Tried SUPERAntiSpyware Portable Scanner and it ran for a while and even displayed that it found some trojan (sp?). Unfortunately, it got shut down before the scanner could finish scanning.

4. Tried VIPRE Rescue and it looks like it found and tried to remove something.

5. I was able to install MBM, web update. When I tried running the scanner, it shut down after 5 seconds.

6. Tried to manually remove some of the antivirus 2010 files, wasn't successful.

7. Tried using "eusing registry repair", but it got shut down in the middle of the scan.

My major concern is the "access denied" part. Any idea why?

Any help is greatly appreciated.


:)

DO NOT use any TOOLS such as Combofix, MBAM, SmitfraudFix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

If need be, download the tools needed to a flash drive or other removable media, and run them from the USB device.

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Hi,

I tried ComboFix before. Please see the description below:

"Tried ComboFix, but the command window displayed "access denied" each time ComboFix tried to do something. In the end, I saw 7 "access denied" messages and the command window just sat there doing nothing (after 1 hour)."

Got 7 "access denied" messages when I ran ComboFix multiple times. I tried this both in normal mode and in safe mode.

Would running ATF Cleaner help? My worry is that none of the listed scanners finished scanning.


As you can see this Antivirus 2010 infection is rampant right now.

Download TDSSKiller and save it to your Desktop.

  • Make sure all other windows are closed, and let it run uninterrupted.
  • Extract the file and run it.
  • Once completed, it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date).
  • Reboot your machine and see if the infection is gone.
  • Please post the contents of that TDSSKiller log.

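One way to triage the log that the steps above ask for, written against the line format visible in the TDSSKiller log posted further down this thread. This is an added example, not part of the original posts and not TDSSKiller's own code; the sample log, the service names `gooddrv` and `examplesvc`, and the placeholder hashes are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Every log line starts with a timestamp such as "2010/10/18 19:46:43.0169".
LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}(?: (?P<msg>.*))?$")
DRIVER = re.compile(r"^(?P<svc>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
SUSPICIOUS = re.compile(r"^Suspicious service \((?P<why>[^)]+)\): (?P<svc>.+)$")
DETECTED = re.compile(r"^(?P<svc>.+?) - detected (?P<why>.+?) \(\d+\)$")
QUARANTINED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) - quarantined$")
ACTION = re.compile(r"^.+?\((?P<svc>[^()]+)\) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class ScanPass:
    drivers: dict = field(default_factory=dict)      # service -> (md5, path)
    flagged: dict = field(default_factory=dict)      # service -> [reasons]
    actions: dict = field(default_factory=dict)      # service -> chosen action
    quarantined: list = field(default_factory=list)  # quarantined file paths
    reported_count: Optional[int] = None             # "Detected object count"


def parse_log(text):
    """Split a log into scan passes; lines before the first 'Scan started' are header."""
    passes, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        msg = (m.group("msg") or "").strip()
        if msg == "Scan started":
            cur = ScanPass()
            passes.append(cur)
        elif cur is None:
            continue  # system-info header
        elif (s := SUSPICIOUS.match(msg)) or (s := DETECTED.match(msg)):
            cur.flagged.setdefault(s["svc"], []).append(s["why"])
        elif q := QUARANTINED.match(msg):
            cur.quarantined.append(q["path"])
        elif a := ACTION.match(msg):
            cur.actions[a["svc"]] = a["action"]
        elif c := COUNT.match(msg):
            cur.reported_count = int(c["n"])
        elif d := DRIVER.match(msg):
            cur.drivers[d["svc"]] = (d["md5"], d["path"])
    return passes


def triage(passes):
    """One finding per flagged service, plus what a later pass in the same log says."""
    findings = []
    for i, p in enumerate(passes):
        later = passes[i + 1:]
        for svc, reasons in p.flagged.items():
            md5, path = p.drivers.get(svc, (None, None))
            if not later:
                status = "unverified"            # no rescan in this log
            elif any(svc in q.flagged for q in later):
                status = "still flagged"
            elif any(svc in q.drivers for q in later):
                status = "present, not flagged"
            else:
                status = "gone"
            findings.append({"pass": i + 1, "service": svc, "reasons": reasons,
                             "path": path, "md5": md5,
                             "action": p.actions.get(svc), "status": status})
    return findings


# Constructed sample log (not from the thread); hashes are placeholders.
H0, H1 = "0" * 32, "1" * 32
SAMPLE = rf"""
2000/01/01 10:00:00.0000 Scan started
2000/01/01 10:00:00.0000 Mode: Manual;
2000/01/01 10:00:01.0000 gooddrv ({H1}) C:\WINDOWS\system32\drivers\gooddrv.sys
2000/01/01 10:00:02.0000 Suspicious service (NoAccess): examplesvc
2000/01/01 10:00:02.0100 examplesvc ({H0}) C:\WINDOWS\system32\drivers\examplesvc.sys
2000/01/01 10:00:02.0200 examplesvc - detected Locked service (1)
2000/01/01 10:00:03.0000 Scan finished
2000/01/01 10:00:03.0100 Detected object count: 1
2000/01/01 10:00:30.0000 C:\WINDOWS\system32\drivers\examplesvc.sys - quarantined
2000/01/01 10:00:30.0100 Locked service(examplesvc) - User select action: Quarantine
2000/01/01 10:00:35.0000 Scan started
2000/01/01 10:00:36.0000 gooddrv ({H1}) C:\WINDOWS\system32\drivers\gooddrv.sys
2000/01/01 10:00:37.0000 Scan finished
"""

if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE)):
        print(finding)
```

A status other than "still flagged" only reflects a rescan recorded in the same log; the reboot-and-check step in the post above still applies.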

Just ran ComboFix. Still getting "access denied"....

Here is the scanned results.

1.

2010/10/18 19:45:54.0600 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/18 19:45:54.0600 ================================================================================

2010/10/18 19:45:54.0600 SystemInfo:

2010/10/18 19:45:54.0600

2010/10/18 19:45:54.0600 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/18 19:45:54.0600 Product type: Workstation

2010/10/18 19:45:54.0600 ComputerName: CHIEN-LUNG

2010/10/18 19:45:54.0600 UserName: Chien-lung Lee

2010/10/18 19:45:54.0600 Windows directory: C:\WINDOWS

2010/10/18 19:45:54.0600 System windows directory: C:\WINDOWS

2010/10/18 19:45:54.0600 Processor architecture: Intel x86

2010/10/18 19:45:54.0600 Number of processors: 1

2010/10/18 19:45:54.0600 Page size: 0x1000

2010/10/18 19:45:54.0600 Boot type: Normal boot

2010/10/18 19:45:54.0600 ================================================================================

2010/10/18 19:45:55.0040 Initialize success

2010/10/18 19:46:15.0259 ================================================================================

2010/10/18 19:46:15.0259 Scan started

2010/10/18 19:46:15.0259 Mode: Manual;

2010/10/18 19:46:15.0259 ================================================================================

2010/10/18 19:46:43.0169 Suspicious service (NoAccess): vbmaca10

2010/10/18 19:46:43.0300 vbmaca10 (97b443e6c1aba6df2afb37a76faf975d) C:\WINDOWS\system32\drivers\vbmaca10.sys

2010/10/18 19:46:43.0330 vbmaca10 - detected Locked service (1)

2010/10/18 19:46:47.0075 ================================================================================

2010/10/18 19:46:47.0075 Scan finished

2010/10/18 19:46:47.0075 ================================================================================

2010/10/18 19:46:47.0105 Detected object count: 1

2010/10/18 19:47:16.0347 vbmaca10 (97b443e6c1aba6df2afb37a76faf975d) C:\WINDOWS\system32\drivers\vbmaca10.sys

2010/10/18 19:47:16.0387 C:\WINDOWS\system32\drivers\vbmaca10.sys - quarantined

2010/10/18 19:47:16.0427 Locked service(vbmaca10) - User select action: Quarantine

2010/10/18 19:47:20.0974 ================================================================================

2010/10/18 19:47:20.0974 Scan started

2010/10/18 19:47:20.0974 Mode: Manual;

2010/10/18 19:47:20.0974 ================================================================================

2010/10/18 19:47:45.0559 Suspicious service (NoAccess): vbmaca10

2010/10/18 19:47:45.0639 vbmaca10 (97b443e6c1aba6df2afb37a76faf975d) C:\WINDOWS\system32\drivers\vbmaca10.sys

2010/10/18 19:47:45.0669 vbmaca10 - detected Locked service (1)

2010/10/18 19:47:48.0774 ================================================================================

2010/10/18 19:47:48.0774 Scan finished

2010/10/18 19:47:48.0774 ================================================================================

2010/10/18 19:47:48.0804 Detected object count: 1

2010/10/18 19:48:01.0051 HKLM\SYSTEM\ControlSet001\services\vbmaca10 - will be deleted after reboot

2010/10/18 19:48:01.0061 HKLM\SYSTEM\ControlSet003\services\vbmaca10 - will be deleted after reboot

2010/10/18 19:48:01.0061 C:\WINDOWS\system32\drivers\vbmaca10.sys - will be deleted after reboot

2010/10/18 19:48:01.0061 Locked service(vbmaca10) - User select action: Delete

2010/10/18 19:48:08.0432 Deinitialize success

2.

2010/10/18 20:39:33.0954 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/18 20:39:33.0954 ================================================================================

2010/10/18 20:39:33.0954 SystemInfo:

2010/10/18 20:39:33.0954

2010/10/18 20:39:33.0954 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/18 20:39:33.0954 Product type: Workstation

2010/10/18 20:39:33.0954 ComputerName: CHIEN-LUNG

2010/10/18 20:39:33.0954 UserName: Chien-lung Lee

2010/10/18 20:39:33.0954 Windows directory: C:\WINDOWS

2010/10/18 20:39:33.0954 System windows directory: C:\WINDOWS

2010/10/18 20:39:33.0954 Processor architecture: Intel x86

2010/10/18 20:39:33.0954 Number of processors: 1

2010/10/18 20:39:33.0954 Page size: 0x1000

2010/10/18 20:39:33.0954 Boot type: Normal boot

2010/10/18 20:39:33.0954 ================================================================================

2010/10/18 20:39:37.0429 Initialize success

2010/10/18 20:39:39.0221 ================================================================================

2010/10/18 20:39:39.0221 Scan started

2010/10/18 20:39:39.0221 Mode: Manual;

2010/10/18 20:39:39.0221 ================================================================================

2010/10/18 20:40:55.0201 IPSec (06e6bd124f2abbe98151ced46866b283) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/18 20:40:55.0201 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 06e6bd124f2abbe98151ced46866b283, Fake md5: 23c74d75e36e7158768dd63d92789a91

2010/10/18 20:40:55.0221 IPSec - detected Forged file (1)

2010/10/18 20:41:15.0800 Suspicious service (NoAccess): vbmaca10

2010/10/18 20:41:15.0890 vbmaca10 (97b443e6c1aba6df2afb37a76faf975d) C:\WINDOWS\system32\drivers\vbmaca10.sys

2010/10/18 20:41:15.0940 vbmaca10 - detected Locked service (1)

2010/10/18 20:41:19.0385 ================================================================================

2010/10/18 20:41:19.0385 Scan finished

2010/10/18 20:41:19.0385 ================================================================================

2010/10/18 20:41:19.0415 Detected object count: 2

2010/10/18 20:41:47.0806 HKLM\SYSTEM\ControlSet001\services\IPSec - will be deleted after reboot

2010/10/18 20:41:47.0816 HKLM\SYSTEM\ControlSet003\services\IPSec - will be deleted after reboot

2010/10/18 20:41:47.0816 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be deleted after reboot

2010/10/18 20:41:47.0816 Forged file(IPSec) - User select action: Delete

2010/10/18 20:41:47.0816 HKLM\SYSTEM\ControlSet001\services\vbmaca10 - will be deleted after reboot

2010/10/18 20:41:47.0816 HKLM\SYSTEM\ControlSet003\services\vbmaca10 - will be deleted after reboot

2010/10/18 20:41:47.0816 C:\WINDOWS\system32\drivers\vbmaca10.sys - will be deleted after reboot

2010/10/18 20:41:47.0816 Locked service(vbmaca10) - User select action: Delete

2010/10/18 20:41:52.0022 Deinitialize success


Let's see if we can unlock that bad service.

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished, then go to File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning. It is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


Try the Rootkit Unhooker.

We can also try to stop and delete the service:

Click Start > Run and copy/paste these commands, hitting Enter after each one:

sc stop vbmaca10 Hit enter.

sc delete vbmaca10 Hit enter.

Try renaming combofix.exe to svchost.exe

Now try running svchost.exe


Hi,

When I woke up this morning, it looks like Rootkit Unhooker got shut down last night. I didn't even get a chance to generate a report. I quickly tried your sc stop/delete vbmaca10 command and briefly saw a black command window pop up and disappear. I then tried running TDSSKiller.exe and vbmaca10 is still there.

Please note all the above information was run in "normal mode". I will try running svchost.exe in safe mode later today.


Hi,

This is the last TDSSKiller scan report I saved. I didn't save the TDSSKiller scan report this morning because I was in a hurry. I basically saw 2 things. One was "IPSEC" and the other one was "vbmaca10". Fixcombo is currently running at home so I will let you know how that runs in safe mode later tonight.

2010/10/18 19:45:54.0600 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/18 19:45:54.0600 ================================================================================

2010/10/18 19:45:54.0600 SystemInfo:

2010/10/18 19:45:54.0600

2010/10/18 19:45:54.0600 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/18 19:45:54.0600 Product type: Workstation

2010/10/18 19:45:54.0600 ComputerName: CHIEN-LUNG

2010/10/18 19:45:54.0600 UserName: Chien-lung Lee

2010/10/18 19:45:54.0600 Windows directory: C:\WINDOWS

2010/10/18 19:45:54.0600 System windows directory: C:\WINDOWS

2010/10/18 19:45:54.0600 Processor architecture: Intel x86

2010/10/18 19:45:54.0600 Number of processors: 1

2010/10/18 19:45:54.0600 Page size: 0x1000

2010/10/18 19:45:54.0600 Boot type: Normal boot

2010/10/18 19:45:54.0600 ================================================================================

2010/10/18 19:45:55.0040 Initialize success

2010/10/18 19:46:15.0259 ================================================================================

2010/10/18 19:46:15.0259 Scan started

2010/10/18 19:46:15.0259 Mode: Manual;

2010/10/18 19:46:15.0259 ================================================================================

2010/10/18 19:46:26.0255 IPSec (06e6bd124f2abbe98151ced46866b283) C:\WINDOWS\system32\DRIVERS\ipsec.sys


2010/10/18 19:46:34.0267 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/10/18 19:46:34.0387 PCX500 (81ae6392b21b47202fd6679e7fefbf68) C:\WINDOWS\system32\DRIVERS\pcx500.sys

2010/10/18 19:46:34.0627 PCX500MP (90b87f93cbd0b908dfa0d461cb1e7945) C:\WINDOWS\system32\DRIVERS\pcx500mp.sys

2010/10/18 19:46:34.0948 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/18 19:46:35.0008 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/18 19:46:35.0158 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/18 19:46:35.0268 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/18 19:46:35.0348 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/18 19:46:35.0438 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/18 19:46:35.0548 pwd_2K (0dd842e15314b4565fd114bb863bfa1b) C:\WINDOWS\system32\drivers\pwd_2K.sys

2010/10/18 19:46:35.0849 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/18 19:46:35.0919 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/18 19:46:35.0979 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/18 19:46:36.0039 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/18 19:46:36.0099 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/18 19:46:36.0159 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/18 19:46:36.0219 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/18 19:46:36.0310 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/18 19:46:36.0420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/18 19:46:36.0570 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/18 19:46:36.0790 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/18 19:46:36.0860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/18 19:46:36.0981 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/18 19:46:37.0091 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/18 19:46:37.0221 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/18 19:46:37.0371 Rksample (6ad6f690253757bbff1087e43a2abddd) C:\WINDOWS\system32\DRIVERS\rksample.sys

2010/10/18 19:46:37.0882 SBRE (e121185abcc7f6f2875843ed3236d245) C:\WINDOWS\system32\drivers\SBREdrv.sys

2010/10/18 19:46:38.0012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/18 19:46:38.0142 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/18 19:46:38.0222 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/18 19:46:38.0342 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys

2010/10/18 19:46:38.0593 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/18 19:46:38.0763 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/10/18 19:46:38.0903 SoftFax (39ed9327df4c1835fcd23a4445c4c2aa) C:\WINDOWS\system32\DRIVERS\faxnt.sys

2010/10/18 19:46:39.0013 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/10/18 19:46:39.0094 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/18 19:46:39.0274 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/18 19:46:39.0424 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/18 19:46:39.0634 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/18 19:46:39.0744 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/18 19:46:39.0875 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/10/18 19:46:39.0975 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/10/18 19:46:40.0195 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS

2010/10/18 19:46:40.0335 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/10/18 19:46:40.0395 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/10/18 19:46:40.0526 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/18 19:46:40.0776 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/18 19:46:40.0876 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/18 19:46:41.0026 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/18 19:46:41.0136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/18 19:46:41.0307 Tones (a91d9a5bfc4a9c5ea2541d5893d0d18c) C:\WINDOWS\system32\DRIVERS\tonesnt.sys

2010/10/18 19:46:41.0467 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/10/18 19:46:41.0627 UdfReadr_xp (333cccd8ee4465aa96098519d67c8030) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

2010/10/18 19:46:41.0787 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/18 19:46:41.0878 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/10/18 19:46:41.0988 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/18 19:46:42.0228 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/18 19:46:42.0328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/18 19:46:42.0438 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/18 19:46:42.0679 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/18 19:46:42.0829 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/18 19:46:42.0939 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2010/10/18 19:46:43.0109 V124 (da6252f8c50d558575852635aaccf942) C:\WINDOWS\system32\DRIVERS\v124nt.sys

2010/10/18 19:46:43.0169 Suspicious service (NoAccess): vbmaca10

2010/10/18 19:46:43.0300 vbmaca10 (97b443e6c1aba6df2afb37a76faf975d) C:\WINDOWS\system32\drivers\vbmaca10.sys

2010/10/18 19:46:43.0330 vbmaca10 - detected Locked service (1)

2010/10/18 19:46:47.0075 ================================================================================

2010/10/18 19:46:47.0075 Scan finished

2010/10/18 19:46:47.0075 ================================================================================

2010/10/18 19:46:47.0105 Detected object count: 1

2010/10/18 19:47:16.0347 vbmaca10 (97b443e6c1aba6df2afb37a76faf975d) C:\WINDOWS\system32\drivers\vbmaca10.sys

2010/10/18 19:47:16.0387 C:\WINDOWS\system32\drivers\vbmaca10.sys - quarantined

2010/10/18 19:47:16.0427 Locked service(vbmaca10) - User select action: Quarantine

2010/10/18 19:47:20.0974 ================================================================================

2010/10/18 19:47:20.0974 Scan started

2010/10/18 19:47:20.0974 Mode: Manual;

2010/10/18 19:47:20.0974 ================================================================================

2010/10/18 19:47:45.0559 Suspicious service (NoAccess): vbmaca10

2010/10/18 19:47:45.0639 vbmaca10 (97b443e6c1aba6df2afb37a76faf975d) C:\WINDOWS\system32\drivers\vbmaca10.sys

2010/10/18 19:47:45.0669 vbmaca10 - detected Locked service (1)

2010/10/18 19:47:48.0774 ================================================================================

2010/10/18 19:47:48.0774 Scan finished

2010/10/18 19:47:48.0774 ================================================================================

2010/10/18 19:47:48.0804 Detected object count: 1

2010/10/18 19:48:01.0051 HKLM\SYSTEM\ControlSet001\services\vbmaca10 - will be deleted after reboot

2010/10/18 19:48:01.0061 HKLM\SYSTEM\ControlSet003\services\vbmaca10 - will be deleted after reboot

2010/10/18 19:48:01.0061 C:\WINDOWS\system32\drivers\vbmaca10.sys - will be deleted after reboot

2010/10/18 19:48:01.0061 Locked service(vbmaca10) - User select action: Delete

2010/10/18 19:48:08.0432 Deinitialize success

****************************************************

The IPSEC thing looks like the log below:

2010/10/18 20:39:33.0954 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/18 20:39:33.0954 ================================================================================

2010/10/18 20:39:33.0954 SystemInfo:

2010/10/18 20:39:33.0954

2010/10/18 20:39:33.0954 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/18 20:39:33.0954 Product type: Workstation

2010/10/18 20:39:33.0954 ComputerName: CHIEN-LUNG

2010/10/18 20:39:33.0954 UserName: Chien-lung Lee

2010/10/18 20:39:33.0954 Windows directory: C:\WINDOWS

2010/10/18 20:39:33.0954 System windows directory: C:\WINDOWS

2010/10/18 20:39:33.0954 Processor architecture: Intel x86

2010/10/18 20:39:33.0954 Number of processors: 1

2010/10/18 20:39:33.0954 Page size: 0x1000

2010/10/18 20:39:33.0954 Boot type: Normal boot

2010/10/18 20:39:33.0954 ================================================================================

2010/10/18 20:39:37.0429 Initialize success

2010/10/18 20:39:39.0221 ================================================================================

2010/10/18 20:39:39.0221 Scan started

2010/10/18 20:39:39.0221 Mode: Manual;

2010/10/18 20:39:39.0221 ================================================================================

2010/10/18 20:40:55.0201 IPSec (06e6bd124f2abbe98151ced46866b283) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/18 20:40:55.0201 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 06e6bd124f2abbe98151ced46866b283, Fake md5: 23c74d75e36e7158768dd63d92789a91

2010/10/18 20:40:55.0221 IPSec - detected Forged file (1)

2010/10/18 20:41:15.0800 Suspicious service (NoAccess): vbmaca10

2010/10/18 20:41:15.0890 vbmaca10 (97b443e6c1aba6df2afb37a76faf975d) C:\WINDOWS\system32\drivers\vbmaca10.sys

2010/10/18 20:41:15.0940 vbmaca10 - detected Locked service (1)

2010/10/18 20:41:19.0385 ================================================================================

2010/10/18 20:41:19.0385 Scan finished

2010/10/18 20:41:19.0385 ================================================================================

2010/10/18 20:41:19.0415 Detected object count: 2

2010/10/18 20:41:47.0806 HKLM\SYSTEM\ControlSet001\services\IPSec - will be deleted after reboot

2010/10/18 20:41:47.0816 HKLM\SYSTEM\ControlSet003\services\IPSec - will be deleted after reboot

2010/10/18 20:41:47.0816 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be deleted after reboot

2010/10/18 20:41:47.0816 Forged file(IPSec) - User select action: Delete

2010/10/18 20:41:47.0816 HKLM\SYSTEM\ControlSet001\services\vbmaca10 - will be deleted after reboot

2010/10/18 20:41:47.0816 HKLM\SYSTEM\ControlSet003\services\vbmaca10 - will be deleted after reboot

2010/10/18 20:41:47.0816 C:\WINDOWS\system32\drivers\vbmaca10.sys - will be deleted after reboot

2010/10/18 20:41:47.0816 Locked service(vbmaca10) - User select action: Delete

2010/10/18 20:41:52.0022 Deinitialize success

**************************************************************


Let's hope it does. I never had any success running fixcombo in normal mode or safe mode before. The program does start up in a small "auto run" window. When it tries to generate a restore point, it displays "access denied". The program will continue to run. When it tries to scan and remove, it will get "7 access denied" messages. After that, it will just sit there and do nothing.

Do you know why it's getting the access denied message?


Let's hope it does. I never had any success running fixcombo in normal mode or safe mode before. The program does start up in a small "auto run" window. When it tries to generate a restore point, it displays "access denied". The program will continue to run. When it tries to scan and remove, it will get "7 access denied" messages. After that, it will just sit there and do nothing.

Do you know why it's getting the access denied message?

Yes. Because of these:

2010/10/18 20:41:47.0806 HKLM\SYSTEM\ControlSet001\services\IPSec - will be deleted after reboot

2010/10/18 20:41:47.0816 HKLM\SYSTEM\ControlSet003\services\IPSec - will be deleted after reboot

2010/10/18 20:41:47.0816 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be deleted after reboot

2010/10/18 20:41:47.0816 Forged file(IPSec) - User select action: Delete

2010/10/18 20:41:47.0816 HKLM\SYSTEM\ControlSet001\services\vbmaca10 - will be deleted after reboot

2010/10/18 20:41:47.0816 HKLM\SYSTEM\ControlSet003\services\vbmaca10 - will be deleted after reboot

2010/10/18 20:41:47.0816 C:\WINDOWS\system32\drivers\vbmaca10.sys - will be deleted after reboot

2010/10/18 20:41:47.0816 Locked service(vbmaca10)

This infection keeps morphing across the internet.


Hi,

Looks like ComboFix finished scanning and generated a report!

