
Antivirus 2010 - MBAM won't launch



I'm running Windows XP SP3 Professional. A few days ago I contracted a trojan. I thought I removed it with Microsoft Security Essentials, and I ran a few scans with Trend Micro HouseCall and removed a few things. I also ran a few scans with MBAM, but it found nothing. This morning Antivirus 2010 appeared on my computer. My MBAM won't launch; it reads "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item". Prior to my contracting Antivirus 2010 (or before it popped up), I was trying to launch my Microsoft Security Essentials update, but it failed with error code 80080005. My Windows Update does not launch either. I just downloaded HijackThis to try to get a log, then the app closed on me and the same message as with MBAM popped up.


Welcome to the forum.

See if you can run TDSSKiller, if it doesn't run try renaming it to explorer.exe, userinit.exe, winlogon.exe or any file ending in .com or .scr

Try in safe mode if that doesn't work.

Download TDSSKiller to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

Let me know, MrC


Thank you for the welcome and for your prompt reply. The program worked, here is the log:

2010/10/24 19:55:02.0828 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/24 19:55:02.0828 ================================================================================

2010/10/24 19:55:02.0828 SystemInfo:

2010/10/24 19:55:02.0828

2010/10/24 19:55:02.0828 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/24 19:55:02.0828 Product type: Workstation

2010/10/24 19:55:02.0828 ComputerName: PETE

2010/10/24 19:55:02.0828 UserName: PT

2010/10/24 19:55:02.0828 Windows directory: E:\WINDOWS

2010/10/24 19:55:02.0828 System windows directory: E:\WINDOWS

2010/10/24 19:55:02.0828 Processor architecture: Intel x86

2010/10/24 19:55:02.0828 Number of processors: 2

2010/10/24 19:55:02.0828 Page size: 0x1000

2010/10/24 19:55:02.0828 Boot type: Normal boot

2010/10/24 19:55:02.0828 ================================================================================

2010/10/24 19:55:03.0500 Initialize success

2010/10/24 19:55:07.0062 ================================================================================

2010/10/24 19:55:07.0062 Scan started

2010/10/24 19:55:07.0062 Mode: Manual;

2010/10/24 19:55:07.0062 ================================================================================

2010/10/24 19:55:08.0468 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/24 19:55:08.0515 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/24 19:55:08.0578 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/10/24 19:55:08.0625 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/10/24 19:55:08.0781 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/10/24 19:55:08.0843 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2010/10/24 19:55:08.0906 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/24 19:55:09.0015 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/24 19:55:09.0015 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/24 19:55:09.0140 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/24 19:55:09.0203 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/24 19:55:09.0250 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/24 19:55:09.0281 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/10/24 19:55:09.0343 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/24 19:55:09.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/24 19:55:09.0390 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/24 19:55:09.0406 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/24 19:55:09.0546 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/24 19:55:09.0593 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/10/24 19:55:09.0609 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/10/24 19:55:09.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/10/24 19:55:09.0656 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/10/24 19:55:09.0703 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/24 19:55:09.0750 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/24 19:55:09.0796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/24 19:55:09.0796 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/10/24 19:55:09.0828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/24 19:55:09.0859 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/24 19:55:09.0875 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/24 19:55:09.0906 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/24 19:55:10.0046 gdrv (d556cb79967e92b5cc69686d16c1d846) E:\WINDOWS\gdrv.sys

2010/10/24 19:55:10.0625 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/24 19:55:10.0656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/24 19:55:10.0687 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/24 19:55:10.0765 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/24 19:55:10.0843 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/24 19:55:10.0937 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/24 19:55:11.0015 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/24 19:55:11.0218 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/24 19:55:11.0328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/24 19:55:11.0343 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/24 19:55:11.0375 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/24 19:55:11.0390 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/24 19:55:11.0421 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/24 19:55:11.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/24 19:55:11.0468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/24 19:55:11.0500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/24 19:55:11.0515 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/24 19:55:11.0546 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/10/24 19:55:11.0578 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/24 19:55:11.0656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/24 19:55:11.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/10/24 19:55:11.0734 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/10/24 19:55:11.0765 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/24 19:55:11.0781 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/24 19:55:11.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/24 19:55:11.0843 MpFilter (c98301ad8173a2235a9ab828955c32bb) E:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/24 19:55:11.0875 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/24 19:55:11.0906 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/24 19:55:11.0937 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/10/24 19:55:11.0968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/24 19:55:11.0984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/24 19:55:12.0000 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/24 19:55:12.0031 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/24 19:55:12.0046 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/10/24 19:55:12.0109 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/10/24 19:55:12.0140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/24 19:55:12.0171 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/24 19:55:12.0171 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/24 19:55:12.0203 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/24 19:55:12.0218 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/24 19:55:12.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/24 19:55:12.0281 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/24 19:55:12.0296 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/24 19:55:12.0343 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys

2010/10/24 19:55:12.0359 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/10/24 19:55:12.0390 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/24 19:55:12.0453 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/10/24 19:55:12.0484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/24 19:55:12.0500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/24 19:55:12.0515 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/24 19:55:12.0546 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/24 19:55:12.0562 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/24 19:55:12.0578 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/24 19:55:12.0593 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/24 19:55:12.0625 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/24 19:55:12.0656 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/24 19:55:12.0687 PCTCore (167b2fea66dde6925766d1a81a1affc0) E:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/24 19:55:12.0812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/24 19:55:12.0828 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/24 19:55:12.0859 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/24 19:55:12.0875 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/24 19:55:12.0890 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/24 19:55:12.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/24 19:55:13.0000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/24 19:55:13.0031 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/24 19:55:13.0046 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/24 19:55:13.0093 Razerlow (116c340acf37602d12cac6de6b8107cd) E:\WINDOWS\system32\Drivers\DB3G.sys

2010/10/24 19:55:13.0109 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/24 19:55:13.0125 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/24 19:55:13.0156 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/24 19:55:13.0156 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/24 19:55:13.0156 rdpdr - detected Forged file (1)

2010/10/24 19:55:13.0187 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/24 19:55:13.0218 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/24 19:55:13.0328 RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) E:\WINDOWS\system32\drivers\RtKHDMI.sys

2010/10/24 19:55:13.0390 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/24 19:55:13.0453 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/24 19:55:13.0484 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/24 19:55:13.0500 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/24 19:55:13.0531 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/24 19:55:13.0609 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/10/24 19:55:13.0671 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/24 19:55:13.0671 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/24 19:55:13.0671 sptd - detected Locked file (1)

2010/10/24 19:55:13.0703 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/24 19:55:13.0781 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/24 19:55:13.0812 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/24 19:55:13.0843 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/24 19:55:13.0875 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/10/24 19:55:13.0984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/24 19:55:14.0031 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/24 19:55:14.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/24 19:55:14.0093 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/24 19:55:14.0125 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/24 19:55:14.0187 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/10/24 19:55:14.0250 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/10/24 19:55:14.0281 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/24 19:55:14.0296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/24 19:55:14.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/24 19:55:14.0328 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/24 19:55:14.0359 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/24 19:55:14.0375 Suspicious service (NoAccess): vbmac1aa

2010/10/24 19:55:14.0406 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/24 19:55:14.0406 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/24 19:55:14.0406 vbmac1aa - detected Locked service (1)

2010/10/24 19:55:14.0421 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/10/24 19:55:14.0453 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/24 19:55:14.0500 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/24 19:55:14.0531 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/24 19:55:15.0796 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/24 19:55:15.0890 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/24 19:55:15.0890 ================================================================================

2010/10/24 19:55:15.0890 Scan finished

2010/10/24 19:55:15.0890 ================================================================================

2010/10/24 19:55:15.0906 Detected object count: 4

2010/10/24 19:55:21.0671 Forged file(rdpdr) - User select action: Skip

2010/10/24 19:55:21.0687 Locked file(sptd) - User select action: Skip

2010/10/24 19:55:21.0687 Locked service(vbmac1aa) - User select action: Skip

2010/10/24 19:55:21.0875 \HardDisk0\MBR - will be cured after reboot

2010/10/24 19:55:21.0875 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure


OK, we found the culprits:

2010/10/24 19:55:15.0906 Detected object count: 4

2010/10/24 19:55:21.0671 Forged file(rdpdr) - User select action: Skip <-----Cure this one

2010/10/24 19:55:21.0687 Locked file(sptd) - User select action: Skip <----this one is OK

2010/10/24 19:55:21.0687 Locked service(vbmac1aa) - User select action: Skip <----delete/quarantine this one

2010/10/24 19:55:21.0875 \HardDisk0\MBR - will be cured after reboot

2010/10/24 19:55:21.0875 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

Run TDSSKiller again but this time...

Choose Cure for this one if listed

2010/10/24 19:55:21.0671 Forged file(rdpdr) - <-----Cure this one if listed

2010/10/24 19:55:21.0687 Locked service(vbmac1aa) - <----delete/quarantine this one

Post the log, then run TDSSKiller again and post that log, MrC

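The helper's triage above is done by eye: find the "detected" lines, pair each with the matching "Suspicious file/service" line and the user's "User select action" choice, and confirm the object count. The script below automates that reading for TDSSKiller 2.4.x logs in the format posted in this thread. It is an added example, not part of the thread and not Kaspersky's tooling; the sample log embedded in it is constructed from the line formats shown above, and the name-to-path matching (service name against the file's base name) is an assumption about how the log lines relate, not something the tool documents.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller 2.4.x log format seen in this thread:
# driver/service enumeration, "Suspicious" details, "detected" lines, the
# object count and the "User select action" lines written after the prompt.
SAMPLE_LOG = r"""
2010/10/24 19:55:13.0156 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/24 19:55:13.0156 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1
2010/10/24 19:55:13.0156 rdpdr - detected Forged file (1)
2010/10/24 19:55:13.0671 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/10/24 19:55:13.0671 sptd - detected Locked file (1)
2010/10/24 19:55:14.0375 Suspicious service (NoAccess): vbmac1aa
2010/10/24 19:55:14.0406 vbmac1aa - detected Locked service (1)
2010/10/24 19:55:15.0890 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/24 19:55:15.0906 Detected object count: 4
2010/10/24 19:55:21.0671 Forged file(rdpdr) - User select action: Skip
2010/10/24 19:55:21.0687 Locked file(sptd) - User select action: Skip
2010/10/24 19:55:21.0687 Locked service(vbmac1aa) - User select action: Skip
2010/10/24 19:55:21.0875 \HardDisk0\MBR - will be cured after reboot
2010/10/24 19:55:21.0875 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
"""

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                       r"(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
SUSP_RE = re.compile(TS + r"Suspicious (?:file|service) \((?P<reason>\w+)\): "
                     r"(?P<path>.+?)(?:\. md5: (?P<md5>[0-9a-f]{32}))?$")
DETECT_RE = re.compile(TS + r"(?P<obj>.+?) - detected (?P<kind>.+?) \(\d+\)$")
ACTION_RE = re.compile(TS + r"(?P<kind>.+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")

# Actions that resolve a detection; "Skip" leaves it in place.
RESOLVING_ACTIONS = {"Cure", "Delete", "Quarantine"}


def parse_tdsskiller_log(text: str) -> Dict:
    """Return {'count': int|None, 'detections': [...]} for one TDSSKiller log.

    Each detection carries the object name, the detection kind, the action the
    user chose at the prompt (None if no action line was found) and, where the
    log gave one, the file path and md5 details from the 'Suspicious' line.
    """
    detections: Dict[str, Dict] = {}   # keyed by object name, in log order
    pending: Dict[str, Dict] = {}      # 'Suspicious' details keyed by path/service
    count: Optional[int] = None
    for line in text.splitlines():
        m = FORGED_RE.match(line)
        if m:
            pending[m["path"]] = {"path": m["path"], "reason": "Forged",
                                  "real_md5": m["real"], "fake_md5": m["fake"]}
            continue
        m = SUSP_RE.match(line)
        if m:
            pending[m["path"]] = {"path": m["path"], "reason": m["reason"], "md5": m["md5"]}
            continue
        m = DETECT_RE.match(line)
        if m:
            obj = m["obj"]
            # Assumption: the detected name is the service name or the base
            # name of the suspicious file (rdpdr -> rdpdr.sys, vbmac1aa -> vbmac1aa).
            detail = next((d for p, d in pending.items()
                           if p == obj or p.lower().rsplit("\\", 1)[-1].startswith(obj.lower())), {})
            detections[obj] = {"object": obj, "kind": m["kind"], "action": None, **detail}
            continue
        m = ACTION_RE.match(line)
        if m and m["obj"] in detections:
            detections[m["obj"]]["action"] = m["action"]
            continue
        m = COUNT_RE.match(line)
        if m:
            count = int(m["n"])
    return {"count": count, "detections": list(detections.values())}


def triage(report: Dict) -> Dict:
    """Split detections into resolved vs. skipped and check the object count.

    'skipped' is what a second run must still deal with; 'count_matches' is
    False when the parser found fewer detections than the tool reported, which
    usually means a line format this parser does not know about.
    """
    handled = [d["object"] for d in report["detections"] if d["action"] in RESOLVING_ACTIONS]
    skipped = [d["object"] for d in report["detections"] if d["action"] not in RESOLVING_ACTIONS]
    return {"handled": handled, "skipped": skipped,
            "count_matches": report["count"] == len(report["detections"])}


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for d in rep["detections"]:
        print(f"{d['object']:20} {d['kind']:28} action={d['action']}")
    print(triage(rep))
```

Running it on the sample prints one line per detection and a triage dict showing the MBR infection as handled and rdpdr, sptd and vbmac1aa as skipped, which is exactly the list the helper asked to be revisited on the second run (with sptd left alone on his judgement, not the parser's). Feed it the real log text instead of `SAMPLE_LOG` to get the same summary from a pasted report.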

2010/10/25 07:47:57.0421 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/25 07:47:57.0421 ================================================================================

2010/10/25 07:47:57.0421 SystemInfo:

2010/10/25 07:47:57.0421

2010/10/25 07:47:57.0421 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/25 07:47:57.0421 Product type: Workstation

2010/10/25 07:47:57.0421 ComputerName: PETE

2010/10/25 07:47:57.0421 UserName: PT

2010/10/25 07:47:57.0421 Windows directory: E:\WINDOWS

2010/10/25 07:47:57.0421 System windows directory: E:\WINDOWS

2010/10/25 07:47:57.0421 Processor architecture: Intel x86

2010/10/25 07:47:57.0421 Number of processors: 2

2010/10/25 07:47:57.0421 Page size: 0x1000

2010/10/25 07:47:57.0421 Boot type: Normal boot

2010/10/25 07:47:57.0421 ================================================================================

2010/10/25 07:47:57.0875 Initialize success

2010/10/25 07:48:00.0671 ================================================================================

2010/10/25 07:48:00.0671 Scan started

2010/10/25 07:48:00.0671 Mode: Manual;

2010/10/25 07:48:00.0671 ================================================================================

2010/10/25 07:48:02.0203 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 07:48:02.0250 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 07:48:02.0312 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/10/25 07:48:02.0359 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/10/25 07:48:02.0578 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/10/25 07:48:03.0171 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2010/10/25 07:48:03.0234 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/25 07:48:03.0375 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 07:48:03.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 07:48:03.0578 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/25 07:48:03.0640 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 07:48:03.0687 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 07:48:03.0734 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 07:48:03.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 07:48:03.0828 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 07:48:03.0843 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 07:48:03.0875 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 07:48:04.0015 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 07:48:04.0062 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 07:48:04.0093 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 07:48:04.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 07:48:04.0140 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 07:48:04.0218 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 07:48:04.0265 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 07:48:04.0296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 07:48:04.0312 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 07:48:04.0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 07:48:04.0343 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/25 07:48:04.0359 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 07:48:04.0375 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 07:48:04.0468 gdrv (d556cb79967e92b5cc69686d16c1d846) E:\WINDOWS\gdrv.sys

2010/10/25 07:48:05.0078 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 07:48:05.0109 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 07:48:05.0140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 07:48:05.0218 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 07:48:05.0296 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 07:48:05.0390 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 07:48:05.0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 07:48:05.0656 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 07:48:05.0750 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/25 07:48:05.0765 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 07:48:05.0796 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 07:48:05.0812 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 07:48:05.0843 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 07:48:05.0859 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 07:48:05.0890 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 07:48:05.0921 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 07:48:05.0937 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 07:48:05.0953 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 07:48:05.0968 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 07:48:06.0046 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 07:48:06.0078 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 07:48:06.0109 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/10/25 07:48:06.0140 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 07:48:06.0171 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 07:48:06.0187 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 07:48:06.0218 MpFilter (c98301ad8173a2235a9ab828955c32bb) E:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/25 07:48:06.0296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 07:48:06.0343 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 07:48:06.0375 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 07:48:06.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 07:48:06.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 07:48:06.0453 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 07:48:06.0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 07:48:06.0484 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 07:48:06.0578 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 07:48:06.0609 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 07:48:06.0656 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 07:48:06.0671 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 07:48:06.0687 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 07:48:06.0718 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 07:48:06.0734 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 07:48:06.0781 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/25 07:48:06.0812 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/25 07:48:06.0859 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys

2010/10/25 07:48:06.0875 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 07:48:06.0921 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 07:48:06.0984 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/10/25 07:48:07.0015 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 07:48:07.0031 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 07:48:07.0046 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/25 07:48:07.0093 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 07:48:07.0109 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 07:48:07.0125 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 07:48:07.0156 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 07:48:07.0187 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 07:48:07.0218 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 07:48:07.0250 PCTCore (167b2fea66dde6925766d1a81a1affc0) E:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 07:48:07.0390 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 07:48:07.0406 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/25 07:48:07.0468 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 07:48:07.0484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 07:48:07.0500 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/25 07:48:07.0609 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 07:48:07.0656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 07:48:07.0671 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 07:48:07.0703 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 07:48:07.0750 Razerlow (116c340acf37602d12cac6de6b8107cd) E:\WINDOWS\system32\Drivers\DB3G.sys

2010/10/25 07:48:07.0765 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 07:48:07.0781 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 07:48:07.0796 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 07:48:07.0796 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 07:48:07.0812 rdpdr - detected Forged file (1)

2010/10/25 07:48:07.0843 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 07:48:07.0875 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 07:48:08.0000 RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) E:\WINDOWS\system32\drivers\RtKHDMI.sys

2010/10/25 07:48:08.0078 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 07:48:08.0140 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 07:48:08.0171 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 07:48:08.0187 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 07:48:08.0218 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 07:48:08.0296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 07:48:08.0359 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/25 07:48:08.0359 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/25 07:48:08.0359 sptd - detected Locked file (1)

2010/10/25 07:48:08.0390 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 07:48:08.0453 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 07:48:08.0500 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/25 07:48:08.0531 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 07:48:08.0562 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 07:48:08.0656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 07:48:08.0703 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 07:48:08.0734 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 07:48:08.0765 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 07:48:08.0781 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 07:48:08.0859 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 07:48:08.0906 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 07:48:08.0937 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 07:48:08.0953 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 07:48:08.0968 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 07:48:08.0984 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/25 07:48:09.0015 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 07:48:09.0031 Suspicious service (NoAccess): vbmac1aa

2010/10/25 07:48:09.0062 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 07:48:09.0062 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 07:48:09.0062 vbmac1aa - detected Locked service (1)

2010/10/25 07:48:09.0078 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/10/25 07:48:09.0125 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 07:48:09.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 07:48:09.0250 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 07:48:09.0312 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/25 07:48:09.0500 ================================================================================

2010/10/25 07:48:09.0500 Scan finished

2010/10/25 07:48:09.0500 ================================================================================

2010/10/25 07:48:09.0515 Detected object count: 3

2010/10/25 07:48:22.0234 Forged file(rdpdr) - User select action: Skip

2010/10/25 07:48:22.0234 Locked file(sptd) - User select action: Skip

2010/10/25 07:48:22.0250 Locked service(vbmac1aa) - User select action: Skip

2010/10/25 07:49:05.0734 ================================================================================

2010/10/25 07:49:05.0734 Scan started

2010/10/25 07:49:05.0734 Mode: Manual;

2010/10/25 07:49:05.0734 ================================================================================

2010/10/25 07:49:06.0703 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 07:49:06.0750 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 07:49:06.0781 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/10/25 07:49:06.0828 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/10/25 07:49:06.0953 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/10/25 07:49:07.0000 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2010/10/25 07:49:07.0031 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/25 07:49:07.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 07:49:07.0140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 07:49:07.0265 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/25 07:49:07.0312 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 07:49:07.0359 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 07:49:07.0406 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 07:49:07.0468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 07:49:07.0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 07:49:07.0500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 07:49:07.0531 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 07:49:07.0671 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 07:49:07.0718 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 07:49:07.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 07:49:07.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 07:49:07.0781 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 07:49:07.0812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 07:49:07.0859 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 07:49:07.0875 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 07:49:07.0890 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 07:49:07.0921 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 07:49:07.0937 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/25 07:49:07.0953 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 07:49:07.0968 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 07:49:08.0093 gdrv (d556cb79967e92b5cc69686d16c1d846) E:\WINDOWS\gdrv.sys

2010/10/25 07:49:08.0109 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 07:49:08.0125 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 07:49:08.0140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 07:49:08.0187 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 07:49:08.0250 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 07:49:08.0296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 07:49:08.0328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 07:49:08.0468 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 07:49:08.0531 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/25 07:49:08.0546 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 07:49:08.0578 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 07:49:08.0593 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 07:49:08.0625 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 07:49:08.0656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 07:49:08.0687 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 07:49:08.0718 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 07:49:08.0734 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 07:49:08.0750 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 07:49:08.0781 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 07:49:08.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 07:49:08.0890 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 07:49:08.0937 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/10/25 07:49:08.0968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 07:49:09.0015 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 07:49:09.0031 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 07:49:09.0078 MpFilter (c98301ad8173a2235a9ab828955c32bb) E:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/25 07:49:09.0109 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 07:49:09.0156 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 07:49:09.0187 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 07:49:09.0218 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 07:49:09.0234 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 07:49:09.0250 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 07:49:09.0265 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 07:49:09.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 07:49:09.0343 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 07:49:09.0359 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 07:49:09.0390 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 07:49:09.0406 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 07:49:09.0421 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 07:49:09.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 07:49:09.0468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 07:49:09.0500 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/25 07:49:09.0531 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/25 07:49:09.0578 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys

2010/10/25 07:49:09.0593 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 07:49:09.0640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 07:49:09.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/10/25 07:49:09.0703 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 07:49:09.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 07:49:09.0734 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/25 07:49:09.0765 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 07:49:09.0781 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 07:49:09.0812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 07:49:09.0828 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 07:49:09.0859 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 07:49:09.0890 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 07:49:09.0921 PCTCore (167b2fea66dde6925766d1a81a1affc0) E:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 07:49:10.0062 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 07:49:10.0078 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/25 07:49:10.0093 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 07:49:10.0109 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 07:49:10.0140 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/25 07:49:10.0218 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 07:49:10.0250 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 07:49:10.0265 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 07:49:10.0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 07:49:10.0343 Razerlow (116c340acf37602d12cac6de6b8107cd) E:\WINDOWS\system32\Drivers\DB3G.sys

2010/10/25 07:49:10.0359 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 07:49:10.0359 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 07:49:10.0390 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 07:49:10.0390 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 07:49:10.0390 rdpdr - detected Forged file (1)

2010/10/25 07:49:10.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 07:49:10.0453 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 07:49:10.0531 RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) E:\WINDOWS\system32\drivers\RtKHDMI.sys

2010/10/25 07:49:10.0562 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 07:49:10.0625 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 07:49:10.0640 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 07:49:10.0671 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 07:49:10.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 07:49:10.0765 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 07:49:10.0828 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/25 07:49:10.0828 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/25 07:49:10.0828 sptd - detected Locked file (1)

2010/10/25 07:49:10.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 07:49:10.0906 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 07:49:10.0937 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/25 07:49:10.0953 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 07:49:10.0984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 07:49:11.0093 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 07:49:11.0125 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 07:49:11.0156 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 07:49:11.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 07:49:11.0203 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 07:49:11.0250 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 07:49:11.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 07:49:11.0343 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 07:49:11.0359 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 07:49:11.0375 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 07:49:11.0390 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/25 07:49:11.0406 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 07:49:11.0421 Suspicious service (NoAccess): vbmac1aa

2010/10/25 07:49:11.0453 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 07:49:11.0453 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 07:49:11.0468 vbmac1aa - detected Locked service (1)

2010/10/25 07:49:11.0468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/10/25 07:49:11.0515 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 07:49:11.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 07:49:11.0578 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 07:49:11.0656 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/25 07:49:11.0796 ================================================================================

2010/10/25 07:49:11.0796 Scan finished

2010/10/25 07:49:11.0796 ================================================================================

2010/10/25 07:49:11.0812 Detected object count: 3

2010/10/25 07:50:05.0000 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 07:50:05.0015 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 07:50:05.0015 E:\WINDOWS\system32\DRIVERS\rdpdr.sys - quarantined

2010/10/25 07:50:05.0015 Forged file(rdpdr) - User select action: Quarantine

2010/10/25 07:50:05.0015 Locked file(sptd) - User select action: Skip

2010/10/25 07:50:05.0046 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 07:50:05.0046 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 07:50:05.0046 E:\WINDOWS\system32\drivers\vbmac1aa.sys - quarantined

2010/10/25 07:50:05.0046 Locked service(vbmac1aa) - User select action: Quarantine

Second Scan

2010/10/25 07:47:57.0421 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/25 07:47:57.0421 ================================================================================

2010/10/25 07:47:57.0421 SystemInfo:

2010/10/25 07:47:57.0421

2010/10/25 07:47:57.0421 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/25 07:47:57.0421 Product type: Workstation

2010/10/25 07:47:57.0421 ComputerName: PETE

2010/10/25 07:47:57.0421 UserName: PT

2010/10/25 07:47:57.0421 Windows directory: E:\WINDOWS

2010/10/25 07:47:57.0421 System windows directory: E:\WINDOWS

2010/10/25 07:47:57.0421 Processor architecture: Intel x86

2010/10/25 07:47:57.0421 Number of processors: 2

2010/10/25 07:47:57.0421 Page size: 0x1000

2010/10/25 07:47:57.0421 Boot type: Normal boot

2010/10/25 07:47:57.0421 ================================================================================

2010/10/25 07:47:57.0875 Initialize success

2010/10/25 07:48:00.0671 ================================================================================

2010/10/25 07:48:00.0671 Scan started

2010/10/25 07:48:00.0671 Mode: Manual;

2010/10/25 07:48:00.0671 ================================================================================

2010/10/25 07:48:02.0203 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 07:48:02.0250 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 07:48:02.0312 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/10/25 07:48:02.0359 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/10/25 07:48:02.0578 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/10/25 07:48:03.0171 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2010/10/25 07:48:03.0234 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/25 07:48:03.0375 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 07:48:03.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 07:48:03.0578 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/25 07:48:03.0640 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 07:48:03.0687 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 07:48:03.0734 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 07:48:03.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 07:48:03.0828 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 07:48:03.0843 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 07:48:03.0875 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 07:48:04.0015 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 07:48:04.0062 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 07:48:04.0093 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 07:48:04.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 07:48:04.0140 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 07:48:04.0218 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 07:48:04.0265 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 07:48:04.0296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 07:48:04.0312 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 07:48:04.0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 07:48:04.0343 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/25 07:48:04.0359 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 07:48:04.0375 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 07:48:04.0468 gdrv (d556cb79967e92b5cc69686d16c1d846) E:\WINDOWS\gdrv.sys

2010/10/25 07:48:05.0078 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 07:48:05.0109 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 07:48:05.0140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 07:48:05.0218 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 07:48:05.0296 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 07:48:05.0390 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 07:48:05.0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 07:48:05.0656 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 07:48:05.0750 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/25 07:48:05.0765 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 07:48:05.0796 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 07:48:05.0812 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 07:48:05.0843 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 07:48:05.0859 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 07:48:05.0890 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 07:48:05.0921 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 07:48:05.0937 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 07:48:05.0953 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 07:48:05.0968 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 07:48:06.0046 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 07:48:06.0078 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 07:48:06.0109 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/10/25 07:48:06.0140 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 07:48:06.0171 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 07:48:06.0187 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 07:48:06.0218 MpFilter (c98301ad8173a2235a9ab828955c32bb) E:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/25 07:48:06.0296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 07:48:06.0343 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 07:48:06.0375 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 07:48:06.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 07:48:06.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 07:48:06.0453 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 07:48:06.0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 07:48:06.0484 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 07:48:06.0578 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 07:48:06.0609 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 07:48:06.0656 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 07:48:06.0671 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 07:48:06.0687 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 07:48:06.0718 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 07:48:06.0734 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 07:48:06.0781 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/25 07:48:06.0812 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/25 07:48:06.0859 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys

2010/10/25 07:48:06.0875 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 07:48:06.0921 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 07:48:06.0984 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/10/25 07:48:07.0015 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 07:48:07.0031 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 07:48:07.0046 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/25 07:48:07.0093 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 07:48:07.0109 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 07:48:07.0125 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 07:48:07.0156 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 07:48:07.0187 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 07:48:07.0218 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 07:48:07.0250 PCTCore (167b2fea66dde6925766d1a81a1affc0) E:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 07:48:07.0390 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 07:48:07.0406 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/25 07:48:07.0468 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 07:48:07.0484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 07:48:07.0500 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/25 07:48:07.0609 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 07:48:07.0656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 07:48:07.0671 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 07:48:07.0703 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 07:48:07.0750 Razerlow (116c340acf37602d12cac6de6b8107cd) E:\WINDOWS\system32\Drivers\DB3G.sys

2010/10/25 07:48:07.0765 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 07:48:07.0781 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 07:48:07.0796 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 07:48:07.0796 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 07:48:07.0812 rdpdr - detected Forged file (1)

2010/10/25 07:48:07.0843 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 07:48:07.0875 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 07:48:08.0000 RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) E:\WINDOWS\system32\drivers\RtKHDMI.sys

2010/10/25 07:48:08.0078 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 07:48:08.0140 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 07:48:08.0171 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 07:48:08.0187 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 07:48:08.0218 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 07:48:08.0296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 07:48:08.0359 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/25 07:48:08.0359 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/25 07:48:08.0359 sptd - detected Locked file (1)

2010/10/25 07:48:08.0390 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 07:48:08.0453 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 07:48:08.0500 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/25 07:48:08.0531 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 07:48:08.0562 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 07:48:08.0656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 07:48:08.0703 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 07:48:08.0734 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 07:48:08.0765 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 07:48:08.0781 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 07:48:08.0859 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 07:48:08.0906 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 07:48:08.0937 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 07:48:08.0953 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 07:48:08.0968 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 07:48:08.0984 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/25 07:48:09.0015 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 07:48:09.0031 Suspicious service (NoAccess): vbmac1aa

2010/10/25 07:48:09.0062 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 07:48:09.0062 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 07:48:09.0062 vbmac1aa - detected Locked service (1)

2010/10/25 07:48:09.0078 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/10/25 07:48:09.0125 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 07:48:09.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 07:48:09.0250 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 07:48:09.0312 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/25 07:48:09.0500 ================================================================================

2010/10/25 07:48:09.0500 Scan finished

2010/10/25 07:48:09.0500 ================================================================================

2010/10/25 07:48:09.0515 Detected object count: 3

2010/10/25 07:48:22.0234 Forged file(rdpdr) - User select action: Skip

2010/10/25 07:48:22.0234 Locked file(sptd) - User select action: Skip

2010/10/25 07:48:22.0250 Locked service(vbmac1aa) - User select action: Skip

2010/10/25 07:49:05.0734 ================================================================================

2010/10/25 07:49:05.0734 Scan started

2010/10/25 07:49:05.0734 Mode: Manual;

2010/10/25 07:49:05.0734 ================================================================================

2010/10/25 07:49:06.0703 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 07:49:06.0750 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 07:49:06.0781 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/10/25 07:49:06.0828 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/10/25 07:49:06.0953 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/10/25 07:49:07.0000 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2010/10/25 07:49:07.0031 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/25 07:49:07.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 07:49:07.0140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 07:49:07.0265 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/25 07:49:07.0312 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 07:49:07.0359 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 07:49:07.0406 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 07:49:07.0468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 07:49:07.0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 07:49:07.0500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 07:49:07.0531 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 07:49:07.0671 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 07:49:07.0718 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 07:49:07.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 07:49:07.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 07:49:07.0781 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 07:49:07.0812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 07:49:07.0859 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 07:49:07.0875 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 07:49:07.0890 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 07:49:07.0921 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 07:49:07.0937 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/25 07:49:07.0953 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 07:49:07.0968 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 07:49:08.0093 gdrv (d556cb79967e92b5cc69686d16c1d846) E:\WINDOWS\gdrv.sys

2010/10/25 07:49:08.0109 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 07:49:08.0125 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 07:49:08.0140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 07:49:08.0187 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 07:49:08.0250 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 07:49:08.0296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 07:49:08.0328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 07:49:08.0468 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 07:49:08.0531 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/25 07:49:08.0546 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 07:49:08.0578 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 07:49:08.0593 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 07:49:08.0625 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 07:49:08.0656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 07:49:08.0687 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 07:49:08.0718 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 07:49:08.0734 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 07:49:08.0750 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 07:49:08.0781 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 07:49:08.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 07:49:08.0890 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 07:49:08.0937 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/10/25 07:49:08.0968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 07:49:09.0015 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 07:49:09.0031 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 07:49:09.0078 MpFilter (c98301ad8173a2235a9ab828955c32bb) E:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/25 07:49:09.0109 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 07:49:09.0156 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 07:49:09.0187 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 07:49:09.0218 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 07:49:09.0234 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 07:49:09.0250 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 07:49:09.0265 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 07:49:09.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 07:49:09.0343 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 07:49:09.0359 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 07:49:09.0390 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 07:49:09.0406 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 07:49:09.0421 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 07:49:09.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 07:49:09.0468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 07:49:09.0500 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/25 07:49:09.0531 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/25 07:49:09.0578 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys

2010/10/25 07:49:09.0593 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 07:49:09.0640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 07:49:09.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/10/25 07:49:09.0703 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 07:49:09.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 07:49:09.0734 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/25 07:49:09.0765 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 07:49:09.0781 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 07:49:09.0812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 07:49:09.0828 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 07:49:09.0859 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 07:49:09.0890 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 07:49:09.0921 PCTCore (167b2fea66dde6925766d1a81a1affc0) E:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 07:49:10.0062 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 07:49:10.0078 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/25 07:49:10.0093 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 07:49:10.0109 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 07:49:10.0140 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/25 07:49:10.0218 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 07:49:10.0250 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 07:49:10.0265 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 07:49:10.0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 07:49:10.0343 Razerlow (116c340acf37602d12cac6de6b8107cd) E:\WINDOWS\system32\Drivers\DB3G.sys

2010/10/25 07:49:10.0359 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 07:49:10.0359 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 07:49:10.0390 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 07:49:10.0390 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 07:49:10.0390 rdpdr - detected Forged file (1)

2010/10/25 07:49:10.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 07:49:10.0453 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 07:49:10.0531 RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) E:\WINDOWS\system32\drivers\RtKHDMI.sys

2010/10/25 07:49:10.0562 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 07:49:10.0625 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 07:49:10.0640 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 07:49:10.0671 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 07:49:10.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 07:49:10.0765 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 07:49:10.0828 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/25 07:49:10.0828 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/25 07:49:10.0828 sptd - detected Locked file (1)

2010/10/25 07:49:10.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 07:49:10.0906 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 07:49:10.0937 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/25 07:49:10.0953 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 07:49:10.0984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 07:49:11.0093 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 07:49:11.0125 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 07:49:11.0156 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 07:49:11.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 07:49:11.0203 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 07:49:11.0250 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 07:49:11.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 07:49:11.0343 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 07:49:11.0359 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 07:49:11.0375 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 07:49:11.0390 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/25 07:49:11.0406 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 07:49:11.0421 Suspicious service (NoAccess): vbmac1aa

2010/10/25 07:49:11.0453 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 07:49:11.0453 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 07:49:11.0468 vbmac1aa - detected Locked service (1)

2010/10/25 07:49:11.0468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/10/25 07:49:11.0515 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 07:49:11.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 07:49:11.0578 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 07:49:11.0656 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/25 07:49:11.0796 ================================================================================

2010/10/25 07:49:11.0796 Scan finished

2010/10/25 07:49:11.0796 ================================================================================

2010/10/25 07:49:11.0812 Detected object count: 3

2010/10/25 07:50:05.0000 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 07:50:05.0015 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 07:50:05.0015 E:\WINDOWS\system32\DRIVERS\rdpdr.sys - quarantined

2010/10/25 07:50:05.0015 Forged file(rdpdr) - User select action: Quarantine

2010/10/25 07:50:05.0015 Locked file(sptd) - User select action: Skip

2010/10/25 07:50:05.0046 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 07:50:05.0046 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 07:50:05.0046 E:\WINDOWS\system32\drivers\vbmac1aa.sys - quarantined

2010/10/25 07:50:05.0046 Locked service(vbmac1aa) - User select action: Quarantine

2010/10/25 07:52:02.0484 ================================================================================

2010/10/25 07:52:02.0484 Scan started

2010/10/25 07:52:02.0484 Mode: Manual;

2010/10/25 07:52:02.0484 ================================================================================

2010/10/25 07:52:02.0875 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 07:52:02.0906 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 07:52:02.0968 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/10/25 07:52:03.0031 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/10/25 07:52:03.0218 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/10/25 07:52:03.0250 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2010/10/25 07:52:03.0296 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/25 07:52:03.0390 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 07:52:03.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 07:52:03.0515 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/25 07:52:03.0578 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 07:52:03.0609 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 07:52:03.0656 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 07:52:03.0703 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 07:52:03.0734 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 07:52:03.0750 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 07:52:03.0765 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 07:52:03.0921 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 07:52:03.0968 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 07:52:03.0984 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 07:52:04.0000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 07:52:04.0031 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 07:52:04.0062 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 07:52:04.0109 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 07:52:04.0140 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 07:52:04.0156 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 07:52:04.0171 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 07:52:04.0187 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/25 07:52:04.0203 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 07:52:04.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 07:52:04.0343 gdrv (d556cb79967e92b5cc69686d16c1d846) E:\WINDOWS\gdrv.sys

2010/10/25 07:52:04.0375 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 07:52:04.0390 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 07:52:04.0406 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 07:52:04.0468 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 07:52:04.0515 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 07:52:04.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 07:52:04.0609 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 07:52:05.0015 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 07:52:05.0078 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/25 07:52:05.0109 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 07:52:05.0125 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 07:52:05.0140 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 07:52:05.0171 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 07:52:05.0187 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 07:52:05.0203 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 07:52:05.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 07:52:05.0250 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 07:52:05.0265 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 07:52:05.0296 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 07:52:05.0359 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 07:52:05.0375 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 07:52:05.0421 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/10/25 07:52:05.0437 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 07:52:05.0484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 07:52:05.0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 07:52:05.0531 MpFilter (c98301ad8173a2235a9ab828955c32bb) E:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/25 07:52:05.0562 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 07:52:05.0593 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 07:52:05.0625 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 07:52:05.0656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 07:52:05.0671 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 07:52:05.0687 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 07:52:05.0703 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 07:52:05.0718 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 07:52:05.0765 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 07:52:05.0781 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 07:52:05.0812 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 07:52:05.0828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 07:52:05.0843 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 07:52:05.0859 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 07:52:05.0890 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 07:52:05.0921 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/25 07:52:05.0953 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/25 07:52:05.0984 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys

2010/10/25 07:52:06.0000 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 07:52:06.0031 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 07:52:06.0062 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/10/25 07:52:06.0093 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 07:52:06.0109 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 07:52:06.0125 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/25 07:52:06.0156 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 07:52:06.0171 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 07:52:06.0203 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 07:52:06.0218 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 07:52:06.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 07:52:06.0281 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 07:52:06.0328 PCTCore (167b2fea66dde6925766d1a81a1affc0) E:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 07:52:06.0515 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 07:52:06.0531 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/25 07:52:06.0546 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 07:52:06.0562 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 07:52:06.0593 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/25 07:52:06.0671 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 07:52:06.0687 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 07:52:06.0703 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 07:52:06.0734 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 07:52:06.0734 Razerlow (116c340acf37602d12cac6de6b8107cd) E:\WINDOWS\system32\Drivers\DB3G.sys

2010/10/25 07:52:06.0750 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 07:52:06.0765 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 07:52:06.0796 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 07:52:06.0796 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 07:52:06.0796 rdpdr - detected Forged file (1)

2010/10/25 07:52:06.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 07:52:06.0875 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 07:52:06.0968 RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) E:\WINDOWS\system32\drivers\RtKHDMI.sys

2010/10/25 07:52:07.0015 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 07:52:07.0062 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 07:52:07.0078 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 07:52:07.0125 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 07:52:07.0140 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 07:52:07.0203 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 07:52:07.0265 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/25 07:52:07.0265 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/25 07:52:07.0265 sptd - detected Locked file (1)

2010/10/25 07:52:07.0296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 07:52:07.0359 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 07:52:07.0390 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/25 07:52:07.0421 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 07:52:07.0453 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 07:52:07.0531 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 07:52:07.0593 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 07:52:07.0609 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 07:52:07.0640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 07:52:07.0671 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 07:52:07.0718 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 07:52:07.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 07:52:07.0796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 07:52:07.0812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 07:52:07.0828 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 07:52:07.0843 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/25 07:52:07.0875 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 07:52:07.0875 Suspicious service (NoAccess): vbmac1aa

2010/10/25 07:52:07.0906 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 07:52:07.0906 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 07:52:07.0906 vbmac1aa - detected Locked service (1)

2010/10/25 07:52:07.0921 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/10/25 07:52:07.0953 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 07:52:07.0984 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 07:52:08.0015 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 07:52:08.0078 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/25 07:52:08.0218 ================================================================================

2010/10/25 07:52:08.0218 Scan finished

2010/10/25 07:52:08.0218 ================================================================================

2010/10/25 07:52:08.0234 Detected object count: 3

2010/10/25 07:52:28.0343 Forged file(rdpdr) - User select action: Skip

2010/10/25 07:52:28.0343 Locked file(sptd) - User select action: Skip

2010/10/25 07:52:28.0343 Locked service(vbmac1aa) - User select action: Skip

OK, we found the culprits:

Run TDSSKiller again but this time...

Choose Cure for this one if listed

2010/10/24 19:55:21.0671 Forged file(rdpdr) - <-----Cure this one if listed

2010/10/24 19:55:21.0687 Locked service(vbmac1aa) - <----delete/quarantine this one

Post the log, then run TDSSKiller again and post that log, MrC


Those two files seem to be replicating or restoring themselves after I reboot.

2010/10/25 19:13:22.0937 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/25 19:13:22.0937 ================================================================================

2010/10/25 19:13:22.0937 SystemInfo:

2010/10/25 19:13:22.0937

2010/10/25 19:13:22.0937 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/25 19:13:22.0937 Product type: Workstation

2010/10/25 19:13:22.0937 ComputerName: PETE

2010/10/25 19:13:22.0937 UserName: PT

2010/10/25 19:13:22.0937 Windows directory: E:\WINDOWS

2010/10/25 19:13:22.0937 System windows directory: E:\WINDOWS

2010/10/25 19:13:22.0937 Processor architecture: Intel x86

2010/10/25 19:13:22.0937 Number of processors: 2

2010/10/25 19:13:22.0937 Page size: 0x1000

2010/10/25 19:13:22.0937 Boot type: Normal boot

2010/10/25 19:13:22.0937 ================================================================================

2010/10/25 19:13:23.0546 Initialize success

2010/10/25 19:13:39.0687 ================================================================================

2010/10/25 19:13:39.0687 Scan started

2010/10/25 19:13:39.0687 Mode: Manual;

2010/10/25 19:13:39.0687 ================================================================================

2010/10/25 19:13:40.0171 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 19:13:40.0218 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 19:13:40.0281 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/10/25 19:13:40.0328 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/10/25 19:13:40.0515 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/10/25 19:13:40.0593 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2010/10/25 19:13:40.0656 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/25 19:13:40.0781 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 19:13:40.0796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 19:13:40.0906 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/25 19:13:40.0968 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 19:13:41.0015 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 19:13:41.0046 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 19:13:41.0109 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 19:13:41.0140 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 19:13:41.0156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 19:13:41.0187 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 19:13:41.0312 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 19:13:41.0359 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 19:13:41.0375 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 19:13:41.0390 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 19:13:41.0421 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 19:13:41.0453 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 19:13:41.0500 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 19:13:41.0515 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 19:13:41.0531 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 19:13:41.0546 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 19:13:41.0578 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/25 19:13:41.0593 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 19:13:41.0609 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 19:13:41.0718 gdrv (d556cb79967e92b5cc69686d16c1d846) E:\WINDOWS\gdrv.sys

2010/10/25 19:13:42.0250 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 19:13:42.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 19:13:42.0296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 19:13:42.0343 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 19:13:42.0406 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 19:13:42.0468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 19:13:42.0515 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 19:13:42.0656 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 19:13:42.0750 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/25 19:13:42.0781 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 19:13:42.0796 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 19:13:42.0843 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 19:13:42.0859 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 19:13:42.0890 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 19:13:42.0921 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 19:13:42.0953 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 19:13:42.0968 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 19:13:43.0000 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 19:13:43.0015 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 19:13:43.0093 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 19:13:43.0125 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 19:13:43.0187 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/10/25 19:13:43.0218 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 19:13:43.0250 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 19:13:43.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 19:13:43.0312 MpFilter (c98301ad8173a2235a9ab828955c32bb) E:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/25 19:13:43.0359 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 19:13:43.0390 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 19:13:43.0437 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 19:13:43.0468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 19:13:43.0500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 19:13:43.0515 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 19:13:43.0546 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 19:13:43.0562 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 19:13:43.0671 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 19:13:43.0687 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 19:13:43.0718 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 19:13:43.0734 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 19:13:43.0750 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 19:13:43.0781 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 19:13:43.0812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 19:13:43.0875 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/25 19:13:43.0906 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/25 19:13:43.0968 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys

2010/10/25 19:13:43.0984 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 19:13:44.0015 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 19:13:44.0078 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/10/25 19:13:44.0125 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 19:13:44.0140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 19:13:44.0156 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/25 19:13:44.0203 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 19:13:44.0218 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 19:13:44.0234 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 19:13:44.0265 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 19:13:44.0296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 19:13:44.0328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 19:13:44.0359 PCTCore (167b2fea66dde6925766d1a81a1affc0) E:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 19:13:44.0515 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 19:13:44.0531 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/25 19:13:44.0578 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 19:13:44.0609 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 19:13:44.0640 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/25 19:13:44.0718 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 19:13:44.0750 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 19:13:44.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 19:13:44.0781 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 19:13:44.0812 Razerlow (116c340acf37602d12cac6de6b8107cd) E:\WINDOWS\system32\Drivers\DB3G.sys

2010/10/25 19:13:44.0828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 19:13:44.0843 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 19:13:44.0875 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 19:13:44.0875 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 19:13:44.0906 rdpdr - detected Forged file (1)

2010/10/25 19:13:44.0937 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 19:13:44.0968 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 19:13:45.0093 RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) E:\WINDOWS\system32\drivers\RtKHDMI.sys

2010/10/25 19:13:45.0187 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 19:13:45.0250 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 19:13:45.0265 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 19:13:45.0281 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 19:13:45.0328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 19:13:45.0390 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 19:13:45.0468 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/25 19:13:45.0468 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/25 19:13:45.0468 sptd - detected Locked file (1)

2010/10/25 19:13:45.0500 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 19:13:45.0578 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 19:13:45.0609 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/25 19:13:45.0640 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 19:13:45.0671 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 19:13:45.0765 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 19:13:45.0812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 19:13:45.0843 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 19:13:45.0875 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 19:13:45.0890 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 19:13:45.0953 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 19:13:46.0015 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 19:13:46.0046 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 19:13:46.0062 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 19:13:46.0093 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 19:13:46.0109 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/25 19:13:46.0140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 19:13:46.0156 Suspicious service (NoAccess): vbmac1aa

2010/10/25 19:13:46.0171 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 19:13:46.0171 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 19:13:46.0171 vbmac1aa - detected Locked service (1)

2010/10/25 19:13:46.0187 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/10/25 19:13:46.0218 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 19:13:46.0250 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 19:13:46.0281 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 19:13:46.0359 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/25 19:13:46.0531 ================================================================================

2010/10/25 19:13:46.0531 Scan finished

2010/10/25 19:13:46.0531 ================================================================================

2010/10/25 19:13:46.0546 Detected object count: 3

2010/10/25 19:14:11.0671 HKLM\SYSTEM\ControlSet001\services\rdpdr - will be deleted after reboot

2010/10/25 19:14:11.0687 HKLM\SYSTEM\ControlSet003\services\rdpdr - will be deleted after reboot

2010/10/25 19:14:11.0687 E:\WINDOWS\system32\DRIVERS\rdpdr.sys - will be deleted after reboot

2010/10/25 19:14:11.0687 Forged file(rdpdr) - User select action: Delete

2010/10/25 19:14:11.0703 Locked file(sptd) - User select action: Skip

2010/10/25 19:14:11.0703 HKLM\SYSTEM\ControlSet001\services\vbmac1aa - will be deleted after reboot

2010/10/25 19:14:11.0718 HKLM\SYSTEM\ControlSet003\services\vbmac1aa - will be deleted after reboot

2010/10/25 19:14:11.0718 E:\WINDOWS\system32\drivers\vbmac1aa.sys - will be deleted after reboot

2010/10/25 19:14:11.0718 Locked service(vbmac1aa) - User select action: Delete

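Reading these logs by eye is error-prone, so here is a small parser, added as an example for this thread (it is not part of the thread and not Kaspersky's TDSSKiller code), that pulls the three detection kinds out of a TDSSKiller 2.4.x text log, applies the rule MrC gave above (cure the forged system driver, delete the locked service, leave the locked file alone) and compares a cleanup log with the rescan log to flag anything that came back after the reboot, which is the check the "restoring themselves" report calls for. TDSSKiller marks a file as Forged when the hash of the bytes it reads from disk ("Real md5") differs from the hash of what the running system returns for the same file ("Fake md5"); a rootkit that hooks file reads to hide its patched driver produces exactly that mismatch, which is why the helper treats rdpdr differently from sptd. sptd.sys is the SCSI Pass Through Direct driver shipped with DAEMON Tools and Alcohol 120%; it protects itself from being read and TDSSKiller routinely lists it as a locked file, so the triage rule only flags it for review, matching the Skip in the log. The regular expressions are an assumption about the 2.4.4.0 log format, reverse-engineered from the lines posted here, and the embedded log excerpts are constructed from those same lines, not full logs.

```python
"""Triage a TDSSKiller 2.4.x text log: parse detections, apply the thread's advice, check a rescan."""
import re
from dataclasses import dataclass, field

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.mmmm "; the patterns below are
# an assumption about the 2.4.4.0 format, reverse-engineered from the lines in this thread.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
RE_DRIVER = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (\S.*)$")
RE_FORGED = re.compile(TS + r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
RE_NOACCESS = re.compile(TS + r"Suspicious file \(NoAccess\): (.+?)\. md5: ([0-9a-f]{32})$")
RE_DETECTED = re.compile(TS + r"(\S+) - detected (Forged file|Locked file|Locked service) \(\d+\)$")
RE_ACTION = re.compile(TS + r"(?:Forged file|Locked file|Locked service)\((\S+)\) - User select action: (\w+)$")
RE_PENDING = re.compile(TS + r"(.+?) - will be deleted after reboot$")


@dataclass
class Detection:
    name: str                  # service name as TDSSKiller reports it
    kind: str                  # "Forged file", "Locked file" or "Locked service"
    path: str = ""
    real_md5: str = ""         # hash of the bytes read from disk
    fake_md5: str = ""         # hash of what the live system returned (Forged only)
    action: str = ""           # Cure / Delete / Skip chosen by the user
    pending: list = field(default_factory=list)  # registry keys/files queued for deletion at reboot


def _leaf(target: str) -> str:
    """Last path or registry component, lower-cased, without a .sys suffix."""
    return target.rsplit("\\", 1)[-1].lower().removesuffix(".sys")


def parse_log(text: str) -> dict:
    """Return {service name: Detection} for one TDSSKiller log."""
    drivers, files, actions, pending, found = {}, {}, {}, [], {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := RE_FORGED.match(line):
            files[m.group(1)] = (m.group(2), m.group(3))
        elif m := RE_NOACCESS.match(line):
            files[m.group(1)] = (m.group(2), "")
        elif m := RE_DETECTED.match(line):
            found[m.group(1)] = Detection(name=m.group(1), kind=m.group(2))
        elif m := RE_ACTION.match(line):
            actions[m.group(1)] = m.group(2)
        elif m := RE_PENDING.match(line):
            pending.append(m.group(1))
        elif m := RE_DRIVER.match(line):
            drivers[m.group(1)] = m.group(3)
    for name, det in found.items():
        det.path = drivers.get(name, "")
        det.real_md5, det.fake_md5 = files.get(det.path, ("", ""))
        det.action = actions.get(name, "")
        det.pending = [p for p in pending if _leaf(p) == name.lower()]
    return found


def triage(det: Detection) -> str:
    """The rule applied in the thread: cure a forged system driver (bytes on disk differ from
    what the filesystem presents), delete a locked service, only review a locked file
    (sptd.sys is the disc-emulation driver from DAEMON Tools/Alcohol and locks itself)."""
    if det.kind == "Forged file" and det.real_md5 and det.real_md5 != det.fake_md5:
        return "cure"
    if det.kind == "Locked service":
        return "delete"
    return "review"


def verify_cleanup(before: str, after: str) -> list:
    """Names cured/deleted in `before` that a rescan (`after`) still detects: the
    'restoring themselves after reboot' case reported in the thread."""
    removed = {n for n, d in parse_log(before).items() if d.action in ("Cure", "Delete")}
    return sorted(removed & set(parse_log(after)))


# Constructed excerpt assembled from the cleanup log pasted in this thread (not a full log).
SCAN_LOG = r"""
2010/10/25 19:13:44.0875 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/25 19:13:44.0875 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1
2010/10/25 19:13:44.0906 rdpdr - detected Forged file (1)
2010/10/25 19:13:45.0468 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys
2010/10/25 19:13:45.0468 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/10/25 19:13:45.0468 sptd - detected Locked file (1)
2010/10/25 19:13:46.0156 Suspicious service (NoAccess): vbmac1aa
2010/10/25 19:13:46.0171 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys
2010/10/25 19:13:46.0171 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c
2010/10/25 19:13:46.0171 vbmac1aa - detected Locked service (1)
2010/10/25 19:14:11.0671 HKLM\SYSTEM\ControlSet001\services\rdpdr - will be deleted after reboot
2010/10/25 19:14:11.0687 E:\WINDOWS\system32\DRIVERS\rdpdr.sys - will be deleted after reboot
2010/10/25 19:14:11.0687 Forged file(rdpdr) - User select action: Delete
2010/10/25 19:14:11.0703 Locked file(sptd) - User select action: Skip
2010/10/25 19:14:11.0703 HKLM\SYSTEM\ControlSet001\services\vbmac1aa - will be deleted after reboot
2010/10/25 19:14:11.0718 E:\WINDOWS\system32\drivers\vbmac1aa.sys - will be deleted after reboot
2010/10/25 19:14:11.0718 Locked service(vbmac1aa) - User select action: Delete
""".strip()

# Constructed rescan in which only the self-protecting sptd.sys is still listed.
CLEAN_LOG = r"""
2010/10/25 19:21:45.0000 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys
2010/10/25 19:21:45.0000 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/10/25 19:21:45.0000 sptd - detected Locked file (1)
""".strip()

# Hypothetical rescan in which the forged rdpdr.sys has come back after the reboot.
REINFECTED_LOG = "\n".join(SCAN_LOG.splitlines()[:3]) + "\n" + CLEAN_LOG

if __name__ == "__main__":
    for d in parse_log(SCAN_LOG).values():
        print(f"{d.name:<9} {d.kind:<15} -> {triage(d):<7} (user chose {d.action or 'nothing'}; "
              f"{len(d.pending)} object(s) queued for reboot)")
    print("came back after reboot:", verify_cleanup(SCAN_LOG, REINFECTED_LOG) or "nothing")
```

Point `parse_log` at the report TDSSKiller writes to C:\ (the helper mentions it earlier in the thread) for the cleanup run and again for the rescan, and `verify_cleanup` tells you whether anything that was queued for deletion is back; a non-empty list is the signal that the infection is being re-dropped by something the scan did not reach and that a different tool is needed.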

Here's the follow-up report after the second reboot:

2010/10/25 19:21:07.0218 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/25 19:21:07.0218 ================================================================================

2010/10/25 19:21:07.0218 SystemInfo:

2010/10/25 19:21:07.0218

2010/10/25 19:21:07.0218 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/25 19:21:07.0218 Product type: Workstation

2010/10/25 19:21:07.0218 ComputerName: PETE

2010/10/25 19:21:07.0218 UserName: PT

2010/10/25 19:21:07.0218 Windows directory: E:\WINDOWS

2010/10/25 19:21:07.0218 System windows directory: E:\WINDOWS

2010/10/25 19:21:07.0218 Processor architecture: Intel x86

2010/10/25 19:21:07.0218 Number of processors: 2

2010/10/25 19:21:07.0218 Page size: 0x1000

2010/10/25 19:21:07.0218 Boot type: Normal boot

2010/10/25 19:21:07.0218 ================================================================================

2010/10/25 19:21:07.0796 Initialize success

2010/10/25 19:21:08.0875 ================================================================================

2010/10/25 19:21:08.0875 Scan started

2010/10/25 19:21:08.0875 Mode: Manual;

2010/10/25 19:21:08.0875 ================================================================================

2010/10/25 19:21:09.0906 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 19:21:09.0968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 19:21:10.0046 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/10/25 19:21:10.0109 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/10/25 19:21:10.0281 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/10/25 19:21:10.0328 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2010/10/25 19:21:10.0375 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/25 19:21:10.0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 19:21:10.0484 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 19:21:10.0625 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/25 19:21:10.0687 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 19:21:10.0734 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 19:21:10.0781 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 19:21:10.0828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 19:21:10.0859 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 19:21:10.0875 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 19:21:10.0890 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 19:21:11.0031 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 19:21:11.0078 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 19:21:11.0109 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 19:21:11.0125 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 19:21:11.0156 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 19:21:11.0187 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 19:21:11.0234 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 19:21:11.0265 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 19:21:11.0281 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 19:21:11.0312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 19:21:11.0343 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/25 19:21:11.0359 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 19:21:11.0375 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 19:21:11.0468 gdrv (d556cb79967e92b5cc69686d16c1d846) E:\WINDOWS\gdrv.sys

2010/10/25 19:21:12.0015 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 19:21:12.0062 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 19:21:12.0093 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 19:21:12.0156 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 19:21:12.0250 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 19:21:12.0312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 19:21:12.0359 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 19:21:12.0500 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 19:21:12.0578 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/25 19:21:12.0609 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 19:21:12.0640 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 19:21:12.0671 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 19:21:12.0703 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 19:21:12.0734 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 19:21:12.0765 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 19:21:12.0781 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 19:21:12.0796 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 19:21:12.0828 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 19:21:12.0843 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 19:21:12.0921 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 19:21:12.0953 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 19:21:13.0000 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/10/25 19:21:13.0031 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 19:21:13.0093 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 19:21:13.0109 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 19:21:13.0125 MpFilter (c98301ad8173a2235a9ab828955c32bb) E:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/25 19:21:13.0171 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 19:21:13.0187 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 19:21:13.0218 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 19:21:13.0265 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 19:21:13.0296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 19:21:13.0328 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 19:21:13.0343 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 19:21:13.0359 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 19:21:13.0437 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 19:21:13.0468 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 19:21:13.0484 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 19:21:13.0500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 19:21:13.0515 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 19:21:13.0546 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 19:21:13.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 19:21:13.0609 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/25 19:21:13.0640 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/25 19:21:13.0687 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys

2010/10/25 19:21:13.0703 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 19:21:13.0734 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 19:21:13.0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/10/25 19:21:13.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 19:21:13.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 19:21:13.0875 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/25 19:21:13.0921 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 19:21:13.0921 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 19:21:13.0953 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 19:21:13.0968 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 19:21:14.0000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 19:21:14.0031 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 19:21:14.0062 PCTCore (167b2fea66dde6925766d1a81a1affc0) E:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 19:21:14.0218 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 19:21:14.0234 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/25 19:21:14.0265 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 19:21:14.0281 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 19:21:14.0312 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/25 19:21:14.0406 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 19:21:14.0421 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 19:21:14.0453 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 19:21:14.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 19:21:14.0515 Razerlow (116c340acf37602d12cac6de6b8107cd) E:\WINDOWS\system32\Drivers\DB3G.sys

2010/10/25 19:21:14.0531 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 19:21:14.0546 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 19:21:14.0562 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 19:21:14.0562 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 19:21:14.0578 rdpdr - detected Forged file (1)

2010/10/25 19:21:14.0609 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 19:21:14.0640 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 19:21:14.0765 RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) E:\WINDOWS\system32\drivers\RtKHDMI.sys

2010/10/25 19:21:14.0828 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 19:21:14.0890 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 19:21:14.0921 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 19:21:14.0937 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 19:21:14.0968 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 19:21:15.0046 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 19:21:15.0093 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/25 19:21:15.0093 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/25 19:21:15.0109 sptd - detected Locked file (1)

2010/10/25 19:21:15.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 19:21:15.0203 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 19:21:15.0234 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/25 19:21:15.0250 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 19:21:15.0281 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 19:21:15.0390 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 19:21:15.0437 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 19:21:15.0468 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 19:21:15.0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 19:21:15.0531 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 19:21:15.0593 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 19:21:15.0640 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 19:21:15.0671 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 19:21:15.0687 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 19:21:15.0718 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 19:21:15.0734 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/25 19:21:15.0750 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 19:21:15.0765 Suspicious service (NoAccess): vbmac1aa

2010/10/25 19:21:15.0796 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 19:21:15.0796 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 19:21:15.0812 vbmac1aa - detected Locked service (1)

2010/10/25 19:21:15.0812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/10/25 19:21:15.0859 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 19:21:15.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 19:21:15.0937 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 19:21:16.0000 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/25 19:21:16.0187 ================================================================================

2010/10/25 19:21:16.0187 Scan finished

2010/10/25 19:21:16.0187 ================================================================================

2010/10/25 19:21:16.0203 Detected object count: 3

2010/10/25 19:21:24.0000 Forged file(rdpdr) - User select action: Skip

2010/10/25 19:21:24.0015 Locked file(sptd) - User select action: Skip

2010/10/25 19:21:24.0015 Locked service(vbmac1aa) - User select action: Skip


Please try these:

Delete your copy of TDSSKiller

Download a fresh copy of TDSSKiller to your desktop

Go to Start > Run > copy and paste this in and hit OK

"%userprofile%\desktop\TDSSKiller.exe" -dcsvc vbmac1aa

TDSSKiller will run and hopefully delete that service

A report will pop up with the results

-----------------------

Another way to do it is:

Go to Start > Run > type CMD > click OK

Copy and paste this in and hit Enter

"%userprofile%\desktop\TDSSKiller.exe" -dcsvc vbmac1aa

A report will pop up with the results.

Let me know, MrC


TDSSKiller deleted the file and prompted for restart. Ran another scan, I now have 5 detected objects instead of 3.

In case I may have neglected to mention this, AntiVirus 2010 starts up with windows. I get a Windows Security Alert that I ignore so I don't see the program 'launch and scan'.

2010/10/25 20:51:34.0250 TDSS rootkit removing tool 2.4.5.0 Oct 25 2010 09:49:04

2010/10/25 20:51:34.0250 ================================================================================

2010/10/25 20:51:34.0250 SystemInfo:

2010/10/25 20:51:34.0250

2010/10/25 20:51:34.0250 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/25 20:51:34.0250 Product type: Workstation

2010/10/25 20:51:34.0250 ComputerName: PETE

2010/10/25 20:51:34.0250 UserName: PT

2010/10/25 20:51:34.0250 Windows directory: E:\WINDOWS

2010/10/25 20:51:34.0250 System windows directory: E:\WINDOWS

2010/10/25 20:51:34.0250 Processor architecture: Intel x86

2010/10/25 20:51:34.0250 Number of processors: 2

2010/10/25 20:51:34.0250 Page size: 0x1000

2010/10/25 20:51:34.0250 Boot type: Normal boot

2010/10/25 20:51:34.0250 ================================================================================

2010/10/25 20:51:34.0828 Initialize success

2010/10/25 20:51:35.0921 ================================================================================

2010/10/25 20:51:35.0921 Scan started

2010/10/25 20:51:35.0921 Mode: Manual;

2010/10/25 20:51:35.0921 ================================================================================

2010/10/25 20:51:37.0484 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 20:51:40.0937 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 20:51:41.0093 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/10/25 20:51:41.0265 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/10/25 20:51:41.0406 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/10/25 20:51:41.0562 AmdPPM (033448d435e65c4bd72e70521fd05c76) E:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2010/10/25 20:51:41.0593 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/25 20:51:41.0750 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 20:51:41.0890 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 20:51:42.0125 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/10/25 20:51:42.0343 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 20:51:42.0484 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 20:51:42.0640 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 20:51:42.0828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 20:51:43.0031 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 20:51:43.0156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 20:51:43.0375 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 20:51:43.0578 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 20:51:43.0703 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 20:51:43.0875 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 20:51:44.0000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 20:51:44.0125 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 20:51:44.0296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 20:51:44.0453 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 20:51:44.0578 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 20:51:44.0703 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 20:51:44.0812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 20:51:44.0937 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/25 20:51:45.0031 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 20:51:45.0125 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 20:51:45.0328 gdrv (d556cb79967e92b5cc69686d16c1d846) E:\WINDOWS\gdrv.sys

2010/10/25 20:51:46.0046 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 20:51:46.0078 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 20:51:46.0234 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 20:51:49.0203 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 20:51:49.0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 20:51:49.0609 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 20:51:49.0765 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 20:51:50.0031 IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 20:51:50.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/25 20:51:50.0375 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 20:51:50.0531 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 20:51:50.0781 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 20:51:50.0906 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 20:51:51.0046 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 20:51:51.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 20:51:51.0265 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 20:51:51.0375 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 20:51:51.0500 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 20:51:51.0609 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 20:51:51.0703 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 20:51:51.0812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 20:51:51.0953 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/10/25 20:51:52.0046 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 20:51:52.0203 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 20:51:52.0296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 20:51:52.0406 MpFilter (c98301ad8173a2235a9ab828955c32bb) E:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/25 20:51:52.0453 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 20:51:52.0593 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 20:51:52.0656 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 20:51:52.0796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 20:51:52.0921 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 20:51:53.0062 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 20:51:53.0171 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 20:51:53.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 20:51:53.0468 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 20:51:53.0609 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 20:51:53.0703 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 20:51:53.0781 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 20:51:53.0859 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 20:51:53.0984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 20:51:54.0109 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 20:51:54.0250 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/25 20:51:54.0390 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys

2010/10/25 20:51:54.0546 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys

2010/10/25 20:51:54.0546 NPF - detected Unsigned file (1)

2010/10/25 20:51:54.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 20:51:54.0718 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 20:51:54.0875 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/10/25 20:51:55.0015 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 20:51:55.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 20:51:55.0265 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/25 20:51:55.0406 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 20:51:55.0515 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 20:51:55.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 20:51:55.0671 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 20:51:55.0781 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 20:51:55.0890 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 20:51:55.0984 PCTCore (167b2fea66dde6925766d1a81a1affc0) E:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 20:51:56.0125 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 20:51:56.0203 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/25 20:51:56.0328 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 20:51:56.0437 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 20:51:56.0546 PxHelp20 (153d02480a0a2f45785522e814c634b6) E:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/25 20:51:56.0640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 20:51:56.0750 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 20:51:56.0859 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 20:51:56.0968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 20:51:57.0109 Razerlow (116c340acf37602d12cac6de6b8107cd) E:\WINDOWS\system32\Drivers\DB3G.sys

2010/10/25 20:51:57.0140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 20:51:57.0250 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 20:51:57.0375 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 20:51:57.0375 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1

2010/10/25 20:51:57.0390 rdpdr - detected Forged file (1)

2010/10/25 20:51:57.0406 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 20:51:57.0531 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 20:51:57.0750 RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) E:\WINDOWS\system32\drivers\RtKHDMI.sys

2010/10/25 20:51:57.0906 RTLE8023xp (00fd6811350e175585abcf7d4a61dd90) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 20:51:57.0984 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 20:51:58.0062 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 20:51:58.0187 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 20:51:58.0328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 20:51:58.0515 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 20:51:58.0671 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/25 20:51:58.0671 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/25 20:51:58.0671 sptd - detected Locked file (1)

2010/10/25 20:51:58.0703 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 20:51:58.0828 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 20:51:58.0906 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys

2010/10/25 20:51:58.0937 StarOpen - detected Unsigned file (1)

2010/10/25 20:51:58.0968 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 20:51:59.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 20:51:59.0281 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 20:51:59.0421 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 20:51:59.0484 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 20:51:59.0625 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 20:51:59.0734 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 20:51:59.0906 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 20:52:00.0515 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 20:52:00.0656 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 20:52:00.0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 20:52:01.0000 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 20:52:01.0125 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/25 20:52:01.0265 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 20:52:01.0375 Suspicious service (NoAccess): vbmac1aa

2010/10/25 20:52:01.0406 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/25 20:52:01.0406 Suspicious file (NoAccess): E:\WINDOWS\system32\drivers\vbmac1aa.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 20:52:01.0406 vbmac1aa - detected Locked service (1)

2010/10/25 20:52:01.0437 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/10/25 20:52:01.0562 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 20:52:01.0687 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 20:52:01.0828 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 20:52:02.0000 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) E:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/25 20:52:02.0250 ================================================================================

2010/10/25 20:52:02.0250 Scan finished

2010/10/25 20:52:02.0250 ================================================================================

2010/10/25 20:52:02.0359 Detected object count: 5

2010/10/25 20:52:16.0031 Unsigned file(NPF) - User select action: Skip

2010/10/25 20:52:16.0031 Forged file(rdpdr) - User select action: Skip

2010/10/25 20:52:16.0046 Locked file(sptd) - User select action: Skip

2010/10/25 20:52:16.0046 Unsigned file(StarOpen) - User select action: Skip

2010/10/25 20:52:16.0046 Locked service(vbmac1aa) - User select action: Skip

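As an added example, not part of the thread and not code from TDSSKiller or Malwarebytes: a small Python parser for the TDSSKiller 2.4.x log format pasted above. It pulls out every "- detected" object, attaches the path and hashes printed on the neighbouring lines (both hashes for a Forged file), records the "User select action" line for each, checks the tool's "Detected object count" against what was actually parsed, and lists the objects that were skipped but still need dealing with. The embedded sample log is constructed from the lines in the post above; the severity ranking is my own assumption and is not something TDSSKiller reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes taken from the TDSSKiller 2.4.x logs pasted in the thread.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
RE_DRIVER = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_FORGED = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
RE_DETECTED = re.compile(TS + r"(?P<name>\S+) - detected "
                         r"(?P<kind>Forged file|Locked file|Locked service|Unsigned file) \(\d+\)$")
RE_COUNT = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
RE_ACTION = re.compile(TS + r"(?P<kind>Forged file|Locked file|Locked service|Unsigned file)"
                       r"\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")

# Assumed triage ranking (mine, not TDSSKiller's). A forged file or a service that cannot
# be opened is what a kernel-mode rootkit looks like; a locked file may be a legitimate
# self-protecting driver (sptd belongs to SCSI Pass Through Direct); unsigned is only
# informational on XP, where many third-party drivers are unsigned.
SEVERITY = {"Forged file": "high", "Locked service": "high",
            "Locked file": "medium", "Unsigned file": "info"}


@dataclass
class Detection:
    name: str
    kind: str
    path: Optional[str] = None
    md5: Optional[str] = None       # hash printed on the driver's own line
    real_md5: Optional[str] = None  # Forged only: the two hashes TDSSKiller prints;
    fake_md5: Optional[str] = None  # the point is that they differ for the same path
    action: Optional[str] = None    # what the user chose (Skip, Cure, Delete, ...)

    @property
    def severity(self) -> str:
        return SEVERITY[self.kind]


def parse_tdsskiller_log(text: str) -> Dict:
    """Parse one scan's log lines into detections plus a count consistency check."""
    drivers: Dict[str, tuple] = {}   # service name -> (md5, path)
    forged: Dict[str, tuple] = {}    # path -> (real_md5, fake_md5)
    detections: Dict[str, Detection] = {}
    count: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := RE_DRIVER.match(line)):
            drivers[m["name"]] = (m["md5"], m["path"])
        elif (m := RE_FORGED.match(line)):
            forged[m["path"]] = (m["real"], m["fake"])
        elif (m := RE_DETECTED.match(line)):
            d = Detection(name=m["name"], kind=m["kind"])
            if d.name in drivers:
                d.md5, d.path = drivers[d.name]
            if d.path in forged:
                d.real_md5, d.fake_md5 = forged[d.path]
            detections[d.name] = d
        elif (m := RE_COUNT.match(line)):
            count = int(m["n"])
        elif (m := RE_ACTION.match(line)) and m["name"] in detections:
            detections[m["name"]].action = m["action"]
    return {
        "count": count,
        "detections": list(detections.values()),
        # The tool's own count should equal the number of "- detected" lines seen.
        "consistent": count == len(detections),
    }


def needs_action(report: Dict) -> List[str]:
    """High-severity objects the user skipped: the ones still to be removed."""
    return [d.name for d in report["detections"]
            if d.severity == "high" and d.action == "Skip"]


# Constructed sample, modelled line for line on the second scan in the thread.
SAMPLE_LOG = r"""
2010/10/25 20:51:54.0546 NPF (d21fee8db254ba762656878168ac1db6) E:\WINDOWS\system32\drivers\npf.sys
2010/10/25 20:51:54.0546 NPF - detected Unsigned file (1)
2010/10/25 20:51:57.0375 rdpdr (b9e93d80703b2247f0ee68e28cddb817) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/25 20:51:57.0375 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\rdpdr.sys. Real md5: b9e93d80703b2247f0ee68e28cddb817, Fake md5: 15cabd0f7c00c47c70124907916af3f1
2010/10/25 20:51:57.0390 rdpdr - detected Forged file (1)
2010/10/25 20:51:58.0671 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys
2010/10/25 20:51:58.0671 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/10/25 20:51:58.0671 sptd - detected Locked file (1)
2010/10/25 20:51:58.0906 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) E:\WINDOWS\system32\drivers\StarOpen.sys
2010/10/25 20:51:58.0937 StarOpen - detected Unsigned file (1)
2010/10/25 20:52:01.0375 Suspicious service (NoAccess): vbmac1aa
2010/10/25 20:52:01.0406 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys
2010/10/25 20:52:01.0406 vbmac1aa - detected Locked service (1)
2010/10/25 20:52:02.0359 Detected object count: 5
2010/10/25 20:52:16.0031 Unsigned file(NPF) - User select action: Skip
2010/10/25 20:52:16.0031 Forged file(rdpdr) - User select action: Skip
2010/10/25 20:52:16.0046 Locked file(sptd) - User select action: Skip
2010/10/25 20:52:16.0046 Unsigned file(StarOpen) - User select action: Skip
2010/10/25 20:52:16.0046 Locked service(vbmac1aa) - User select action: Skip
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for d in rep["detections"]:
        print(f"{d.severity:6} {d.kind:14} {d.name:10} {d.path}  action={d.action}")
    print("count consistent:", rep["consistent"], " still to handle:", needs_action(rep))
```

Run against the pasted log it narrows the five objects down to the two the helper singles out in the next post (rdpdr and vbmac1aa), and it will tell you if a later log drops one of them, as happens further down the thread after the files are deleted by hand.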

You have the same malware as before, the rest don't worry about.

Do you have the recovery console installed on the computer?

The link below explains how to do it:

http://support.microsoft.com/kb/307654

If you can't do that, then burn the disk as outlined in the link below: (just make the disk...don't run/use it yet)

http://forums.malwarebytes.org/index.php?s...st&p=318358

Let me know when you have one of those done.

Gone for tonight....be back tomorrow am, MrC


In case I may have neglected to mention this, AntiVirus 2010 starts up with windows. I get a Windows Security Alert that I ignore so I don't see the program 'launch and scan'.

So you understand what's going on here.

These are the two drivers responsible for the fake anti-virus on your system, until we stop them the fake anti-virus will be on your system.

2010/10/25 20:52:16.0031 Forged file(rdpdr)

E:\WINDOWS\system32\DRIVERS\rdpdr.sys <---this is a legitimate windows file name but actually it's malware

2010/10/25 20:52:16.0046 Locked service(vbmac1aa)

E:\WINDOWS\system32\drivers\vbmac1aa.sys <----malware

MrC


Before we use the recovery console, see if you can run MBAM.

The link below explains how to rename it:

http://forums.malwarebytes.org/index.php?s...st&p=274963

The link below has the latest rules/definitions:

http://data.mbamupdates.com/tools/mbam-rules.exe

The link below is a randomly named copy of mbam.exe

Sometimes the malware deletes mbam.exe, if this is the case, just copy and paste mbam-download-standalone-random.php into the Malwarebytes folder.

You can also try deleting (leave it in your recycle bin) mbam.exe and then replacing it with mbam-download-standalone-random.php

Now see if it runs.

http://www.malwarebytes.org/mbam-download-...lone-random.php

Let me know, MrC


Here is what I did:

I uninstalled MBAM under control panel Add/Remove Programs.

The updater launched automatically

I checked the updater again and it read I am up to date.

I selected run full scan, then MBAM closed on me. Now I'm getting the same error.

I deleted mbam.exe, downloaded mbam-download-standalone-random.php.

I moved the file onto my mbam folder, mbam closed again.

It appears I don't have recovery console on my computer, I'll go get it now and let you know when I'm ready.


Now......

Boot the computer up using it and see if you can get to the recovery console.

In order to do so, the computer must be set to boot from the CD first. For information on how to do that....click HERE.

Press the R button on your keyboard to start the Recovery Console.

You'll be asked which Windows installation to log onto. Type 1 and press enter

Enter your administrator password and press enter (if none is set, just press enter).

You'll end up at the C:\Windows prompt, type:

disable vbmac1aa

and hit enter

type:

disable rdpdr

and hit enter

Hopefully you get a confirmation they were disabled, don't exit the recovery console yet!

-------------------

Now do this:

type this:

delete E:\WINDOWS\system32\drivers\vbmac1aa.sys

and hit enter

type this:

delete E:\WINDOWS\system32\DRIVERS\rdpdr.sys

hit enter

-----------------

Hopefully they were deleted.

Type exit and press enter to get back to Windows

Let me know, MrC


Type this and hit enter:

ATTRIB -R -A -S -H E:\WINDOWS\system32\drivers\vbmac1aa.sys

type this and hit enter

delete E:\WINDOWS\system32\drivers\vbmac1aa.sys

-----------------------------------

Type this and hit enter:

ATTRIB -R -A -S -H E:\WINDOWS\system32\DRIVERS\rdpdr.sys

type this and hit enter:

delete E:\WINDOWS\system32\DRIVERS\rdpdr.sys

See what happens.

------------------------------------------------

If those suggestions don't work, please try this:

Run Sophos Anti-Rootkit as outlined in the post below:

http://maddoktor2.com/forums/index.php/topic,37549.0.html

If any of these are found, please clean/delete them:

C:\Windows\system32\drivers\vbmac1aa.sys <--file

vbmac1aa <--service/driver

E:\WINDOWS\system32\DRIVERS\rdpdr.sys <---file

rdpdr <--service

---------------------

I have to leave the forum now, will be back later, MrC


I tried ATTRIB -R -A -S -H E:\WINDOWS\system32\drivers\vbmac1aa.sys and ATTRIB -R -A -S -H E:\WINDOWS\system32\DRIVERS\rdpdr.sys

and neither of those commands worked.

I tried attrib -r; attrib -a and so forth, access denied.

After running Sophos Anti-Rootkit, 39 objects were found but neither of the two trouble files showed up. Out of curiosity I looked through my system32\drivers folder and found the two files. I did not touch them.


Delete them if possible.

A good program to use to find them is Autoruns, they'll be listed under drivers.

http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

Uncheck them and then right click on the driver and choose delete

Double clicking on the driver will bring it up in the registry

Right click on the driver and choose delete.

Let me know, MrC

Link to post
Share on other sites

I manually deleted both of them and restarted. I ran a scan with Autoruns; neither is found.

I ran a scan with TDSSKiller, vbmac1aa.sys shows up but rdpdr.sys does not. Here is the TDSS log:

2010/10/26 13:34:35.0031 TDSS rootkit removing tool 2.4.5.0 Oct 25 2010 09:49:04

2010/10/26 13:34:35.0031 ================================================================================

2010/10/26 13:34:35.0031 SystemInfo:

2010/10/26 13:34:35.0031

2010/10/26 13:34:35.0031 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/26 13:34:35.0031 Product type: Workstation

2010/10/26 13:34:35.0031 ComputerName: PETE

2010/10/26 13:34:35.0046 UserName: PT

2010/10/26 13:34:35.0046 Windows directory: E:\WINDOWS

2010/10/26 13:34:35.0046 System windows directory: E:\WINDOWS

2010/10/26 13:34:35.0046 Processor architecture: Intel x86

2010/10/26 13:34:35.0046 Number of processors: 2

2010/10/26 13:34:35.0046 Page size: 0x1000

2010/10/26 13:34:35.0046 Boot type: Normal boot

2010/10/26 13:34:35.0046 ================================================================================

2010/10/26 13:34:35.0718 Initialize success

2010/10/26 13:34:39.0093 ================================================================================

2010/10/26 13:34:39.0093 Scan started

2010/10/26 13:34:39.0093 Mode: Manual;

2010/10/26 13:34:39.0093 ================================================================================

2010/10/26 13:34:49.0687 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys

2010/10/26 13:34:49.0687 Suspicious file (NoAccess): E:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2010/10/26 13:34:49.0703 sptd - detected Locked file (1)

2010/10/26 13:34:50.0406 usbhub (95bdd498e92cf8a49d1cb68b530b6a38) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/26 13:34:50.0406 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\usbhub.sys. Real md5: 95bdd498e92cf8a49d1cb68b530b6a38, Fake md5: 1ab3cdde553b6e064d2e754efe20285c

2010/10/26 13:34:50.0421 usbhub - detected Forged file (1)

2010/10/26 13:34:50.0468 Suspicious service (NoAccess): vbmac1aa

2010/10/26 13:34:50.0484 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys

2010/10/26 13:34:50.0500 vbmac1aa - detected Locked service (1)

2010/10/26 13:34:50.0828 ================================================================================

2010/10/26 13:34:50.0828 Scan finished

2010/10/26 13:34:50.0828 ================================================================================

2010/10/26 13:34:50.0843 Detected object count: 3

2010/10/26 13:35:49.0812 Locked file(sptd) - User select action: Skip

2010/10/26 13:35:49.0812 Forged file(usbhub) - User select action: Skip

2010/10/26 13:35:49.0812 Locked service(vbmac1aa) - User select action: Skip

Link to post
Share on other sites
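Added example, not part of this thread and not Kaspersky's own code: a small Python parser for the TDSSKiller log format pasted above that pulls out only the flagged objects (locked files, forged files, locked services), attaches the on-disk and fake hashes for forged files, and records what the user chose to do with each, so a helper can triage a long log without reading every driver line. The sample lines are the flagged entries from this log plus one clean driver line; the Finding fields and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in TDSSKiller 2.4.x log format: the flagged entries from the
# log above, one clean driver line for contrast, and the user-action lines.
SAMPLE_LOG = r"""
2010/10/26 13:34:49.0687 sptd (d15da1ba189770d93eea2d7e18f95af9) E:\WINDOWS\system32\Drivers\sptd.sys
2010/10/26 13:34:49.0703 sptd - detected Locked file (1)
2010/10/26 13:34:50.0406 usbhub (95bdd498e92cf8a49d1cb68b530b6a38) E:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/26 13:34:50.0406 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\usbhub.sys. Real md5: 95bdd498e92cf8a49d1cb68b530b6a38, Fake md5: 1ab3cdde553b6e064d2e754efe20285c
2010/10/26 13:34:50.0421 usbhub - detected Forged file (1)
2010/10/26 13:34:50.0468 Suspicious service (NoAccess): vbmac1aa
2010/10/26 13:34:50.0484 vbmac1aa (6e8327c9b5f76e22d712b62c982c444c) E:\WINDOWS\system32\drivers\vbmac1aa.sys
2010/10/26 13:34:50.0500 vbmac1aa - detected Locked service (1)
2010/10/26 13:34:50.0515 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
2010/10/26 13:35:49.0812 Locked file(sptd) - User select action: Skip
2010/10/26 13:35:49.0812 Forged file(usbhub) - User select action: Skip
2010/10/26 13:35:49.0812 Locked service(vbmac1aa) - User select action: Skip
"""

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "  # every line starts with a timestamp
RE_DRIVER = re.compile(TS + r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_DETECT = re.compile(TS + r"(?P<svc>\S+) - detected (?P<kind>.+?) \(\d+\)$")
RE_FORGED = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
RE_ACTION = re.compile(TS + r"(?P<kind>[A-Za-z ]+)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)$")

@dataclass
class Finding:
    service: str
    kind: str                       # "Locked file", "Forged file", "Locked service"
    path: Optional[str] = None
    md5: Optional[str] = None       # hash of the bytes actually on disk
    fake_md5: Optional[str] = None  # hash the rootkit served instead (Forged only)
    action: Optional[str] = None    # "Skip", "Cure", ...; None if no action was logged

def parse_tdsskiller_log(text: str) -> Dict[str, Finding]:
    """Return service name -> Finding for every object TDSSKiller flagged."""
    drivers: Dict[str, tuple] = {}   # svc -> (md5, path) from the enumeration lines
    forged: Dict[str, tuple] = {}    # path -> (real md5, fake md5)
    findings: Dict[str, Finding] = {}
    for line in text.splitlines():
        if m := RE_DRIVER.match(line):
            drivers[m["svc"]] = (m["md5"], m["path"])
        elif m := RE_FORGED.match(line):
            forged[m["path"]] = (m["real"], m["fake"])
        elif m := RE_DETECT.match(line):
            md5, path = drivers.get(m["svc"], (None, None))
            f = Finding(m["svc"], m["kind"], path, md5)
            if path in forged:                       # forged file: keep both hashes
                f.md5, f.fake_md5 = forged[path]
            findings[m["svc"]] = f
        elif (m := RE_ACTION.match(line)) and m["svc"] in findings:
            findings[m["svc"]].action = m["action"]
    return findings

def unresolved(findings: Dict[str, Finding]) -> List[str]:
    """Flagged objects that were skipped or never acted on, i.e. still to be dealt with."""
    return sorted(s for s, f in findings.items() if f.action in (None, "Skip"))
```

A forged file is the one to look at first: the hash TDSSKiller read from disk differs from the hash the system reported, which is what a rootkit hiding its patch of usbhub.sys looks like.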

Please do this:

Download OTL and scan.txt to your desktop.

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed.
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying Click Ok to load a custom scan from a file or Cancel to cancel
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button.
  • Do not change any settings unless otherwise told to do so.
  • The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please attach them as .txt files.

MrC

Link to post
Share on other sites

This topic is now closed to further replies.