Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Infected with Win32/Rootkit.Agent.NSF


  • This topic is locked This topic is locked
61 replies to this topic

#1 Guest_dave17_*

Guest_dave17_*

  • Guests
  • OFFLINE
  •  

Posted 14 December 2010 - 03:36 AM

This is the from the topic: http://www.bleepingcomputer.com/forums/topic366149.html/page__pid__2054082#entry2054082

All antivirus, antimalware etc. programms are unaccessable and will not open because of this.

As boopme advised here the procedure:

gmer.exe crashes as soon as I click "scan"

Here are the DDS scan results:

Attached File  DDS.txt   29.83KB   9 downloads
Attached File  Attach.txt   28.4KB   7 downloads

BC AdBot (Login to Remove)

 


#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling

Posted 16 December 2010 - 02:05 PM

Hi dave17,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum. :welcome:
My name is sundavis, I will be helping you to deal with your Malware problems today.

Do you have Windows XP Install CD handy? Your system was seriously infected by a variant rootkit. We need to go to RC mode to nuke it. Please advise me in your next reply.


Step1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


In your next reply, please post back:

1.TDSSKiller log Thanks

#3 Guest_dave17_*

Guest_dave17_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2010 - 04:29 PM

Hi sundavis

Windows XP install CD is here.

The TDSSKiller found two suspicious files "usbhub.sys" and "vbmaf.sys" but does not do anything I can see when I click continue, shows "Infection: not found" once completed.

Here the log:

2010/12/16 21:22:10.0296 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/16 21:22:10.0296 ================================================================================
2010/12/16 21:22:10.0296 SystemInfo:
2010/12/16 21:22:10.0296
2010/12/16 21:22:10.0296 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/16 21:22:10.0296 Product type: Workstation
2010/12/16 21:22:10.0296 ComputerName: DAVID_DELL_PC
2010/12/16 21:22:10.0296 UserName: David
2010/12/16 21:22:10.0296 Windows directory: C:\WINDOWS
2010/12/16 21:22:10.0296 System windows directory: C:\WINDOWS
2010/12/16 21:22:10.0296 Processor architecture: Intel x86
2010/12/16 21:22:10.0296 Number of processors: 2
2010/12/16 21:22:10.0296 Page size: 0x1000
2010/12/16 21:22:10.0296 Boot type: Normal boot
2010/12/16 21:22:10.0296 ================================================================================
2010/12/16 21:22:11.0296 Initialize success
2010/12/16 21:22:20.0140 ================================================================================
2010/12/16 21:22:20.0140 Scan started
2010/12/16 21:22:20.0140 Mode: Manual;
2010/12/16 21:22:20.0140 ================================================================================
2010/12/16 21:22:21.0031 57373901 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\57373901.sys
2010/12/16 21:22:21.0062 57373902 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\57373902.sys
2010/12/16 21:22:21.0156 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/16 21:22:21.0203 Achernar (4848abf6d2f38c8a1f2138d4fe8f9455) C:\WINDOWS\system32\Drivers\Achernar.sys
2010/12/16 21:22:21.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/16 21:22:21.0328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/16 21:22:21.0375 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/16 21:22:21.0500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/16 21:22:21.0562 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/12/16 21:22:21.0687 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/16 21:22:21.0734 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/16 21:22:21.0781 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/16 21:22:21.0843 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/16 21:22:21.0875 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/16 21:22:21.0921 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/16 21:22:21.0968 Aldebaran (03a26904786d78552b93bb4d64f0b72f) C:\WINDOWS\System32\Drivers\Aldebaran.sys
2010/12/16 21:22:22.0031 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/16 21:22:22.0093 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/16 21:22:22.0171 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/16 21:22:22.0265 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/16 21:22:22.0343 AR5523 (47bf3a0dc39dedcfc5e1c99a6b01506d) C:\WINDOWS\system32\DRIVERS\ar5523.sys
2010/12/16 21:22:22.0390 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/16 21:22:22.0421 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/16 21:22:22.0468 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/16 21:22:22.0625 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/16 21:22:22.0671 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/16 21:22:22.0828 ATHFMWDL (3fbf3d228fa335cbf8b9cd74fa08f680) C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
2010/12/16 21:22:22.0890 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/16 21:22:22.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/16 21:22:23.0093 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/16 21:22:23.0171 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/16 21:22:23.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/16 21:22:23.0343 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/16 21:22:23.0406 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/16 21:22:23.0453 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/16 21:22:23.0515 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/16 21:22:23.0640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/16 21:22:23.0796 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/16 21:22:23.0859 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/16 21:22:23.0984 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/16 21:22:24.0015 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/16 21:22:24.0156 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2010/12/16 21:22:24.0218 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/16 21:22:24.0312 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2010/12/16 21:22:24.0375 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/12/16 21:22:24.0453 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/12/16 21:22:24.0515 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2010/12/16 21:22:24.0546 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/12/16 21:22:24.0640 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/12/16 21:22:24.0671 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/12/16 21:22:24.0765 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/12/16 21:22:24.0828 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/12/16 21:22:24.0859 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/12/16 21:22:24.0984 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/16 21:22:25.0078 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/16 21:22:25.0140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/16 21:22:25.0187 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/16 21:22:25.0281 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/16 21:22:25.0375 DriverAS (e1f8f3249d877b41ec02c74405c74570) C:\Program Files\Active Shield 5\ActiveShield.sys
2010/12/16 21:22:25.0500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/16 21:22:25.0562 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/12/16 21:22:25.0625 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/12/16 21:22:25.0734 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/12/16 21:22:25.0875 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/12/16 21:22:25.0937 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/16 21:22:26.0000 e1express (6de32a9123ef60f9d423e9163af0e305) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/12/16 21:22:26.0093 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/16 21:22:26.0250 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/16 21:22:26.0296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/16 21:22:26.0421 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/16 21:22:26.0468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/16 21:22:26.0546 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/16 21:22:26.0609 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/16 21:22:26.0703 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/16 21:22:26.0781 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/16 21:22:26.0859 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/16 21:22:27.0000 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/16 21:22:27.0078 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/16 21:22:27.0203 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/16 21:22:27.0343 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2010/12/16 21:22:27.0453 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2010/12/16 21:22:27.0578 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/16 21:22:27.0640 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/16 21:22:27.0781 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/16 21:22:28.0046 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/16 21:22:28.0500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/16 21:22:28.0937 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/16 21:22:29.0562 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/16 21:22:30.0000 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/16 21:22:30.0125 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/16 21:22:30.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/16 21:22:30.0312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/16 21:22:30.0406 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/16 21:22:30.0546 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/16 21:22:30.0640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/16 21:22:30.0718 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/16 21:22:30.0765 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/16 21:22:31.0000 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/16 21:22:31.0125 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/16 21:22:31.0250 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2010/12/16 21:22:31.0343 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2010/12/16 21:22:31.0578 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/12/16 21:22:31.0687 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/12/16 21:22:31.0765 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/12/16 21:22:31.0953 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/16 21:22:32.0265 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/16 21:22:32.0406 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/12/16 21:22:32.0765 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys
2010/12/16 21:22:32.0828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/16 21:22:32.0906 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/16 21:22:32.0953 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/16 21:22:33.0000 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/16 21:22:33.0046 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/16 21:22:33.0109 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/12/16 21:22:33.0156 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/16 21:22:33.0218 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/16 21:22:33.0296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/16 21:22:33.0375 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/16 21:22:33.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/16 21:22:33.0453 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/16 21:22:33.0500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/16 21:22:33.0546 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/16 21:22:33.0609 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/16 21:22:33.0671 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/16 21:22:33.0703 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/16 21:22:33.0750 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/16 21:22:33.0781 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/16 21:22:33.0984 NDISKIO (0bc1739dc0553548b7920acd8b61389d) C:\DOCUME~1\David\LOCALS~1\Temp\00001219.nmc\nse\bin\ndiskio.sys
2010/12/16 21:22:34.0109 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/16 21:22:34.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/16 21:22:34.0187 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/16 21:22:34.0218 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/16 21:22:34.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/16 21:22:34.0296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/16 21:22:34.0406 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/12/16 21:22:34.0453 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/12/16 21:22:34.0500 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/12/16 21:22:34.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/16 21:22:34.0609 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/16 21:22:34.0687 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/16 21:22:34.0890 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/16 21:22:35.0093 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/16 21:22:35.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/16 21:22:35.0156 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/12/16 21:22:35.0203 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/12/16 21:22:35.0234 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/12/16 21:22:35.0281 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/16 21:22:35.0312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/16 21:22:35.0343 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/16 21:22:35.0390 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/16 21:22:35.0437 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/16 21:22:35.0500 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/16 21:22:35.0593 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/16 21:22:35.0718 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/16 21:22:35.0750 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/16 21:22:35.0843 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/16 21:22:35.0906 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/16 21:22:35.0953 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/16 21:22:36.0015 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/16 21:22:36.0156 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/16 21:22:36.0203 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/16 21:22:36.0234 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/16 21:22:36.0312 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/16 21:22:36.0359 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/16 21:22:36.0515 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
2010/12/16 21:22:36.0656 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2010/12/16 21:22:36.0812 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2010/12/16 21:22:36.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/16 21:22:37.0062 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/16 21:22:37.0125 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/16 21:22:37.0187 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/16 21:22:37.0234 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/16 21:22:37.0281 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/16 21:22:37.0328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/16 21:22:37.0484 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/16 21:22:37.0562 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/16 21:22:37.0750 rtl8185 (de11516a1123a4fa32150f24aa749502) C:\WINDOWS\system32\DRIVERS\rtl8185.sys
2010/12/16 21:22:37.0921 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
2010/12/16 21:22:37.0968 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
2010/12/16 21:22:38.0109 SaxNDIS (ac73c2ac747018bfeefeeeeaca3520b9) C:\WINDOWS\system32\drivers\saxndis.sys
2010/12/16 21:22:38.0187 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/16 21:22:38.0250 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/16 21:22:38.0312 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/16 21:22:38.0406 setup_9.0.0.722_09.12.2010_12-20drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\5737390.sys
2010/12/16 21:22:38.0468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/16 21:22:38.0562 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/16 21:22:38.0609 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/16 21:22:38.0703 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/16 21:22:38.0750 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/16 21:22:38.0843 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
2010/12/16 21:22:38.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/16 21:22:39.0000 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/16 21:22:39.0078 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/16 21:22:39.0140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/16 21:22:39.0171 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/16 21:22:39.0250 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/16 21:22:39.0296 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/16 21:22:39.0328 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/16 21:22:39.0359 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/16 21:22:39.0406 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/16 21:22:39.0484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/16 21:22:39.0531 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/12/16 21:22:39.0593 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/16 21:22:39.0640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/16 21:22:39.0671 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/16 21:22:39.0734 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/16 21:22:39.0812 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/16 21:22:39.0890 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
2010/12/16 21:22:39.0937 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/16 21:22:39.0984 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/16 21:22:40.0046 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/16 21:22:40.0109 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/12/16 21:22:40.0171 USB28xxBGA (01f43ddc94653cd68d2794ec4500debc) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2010/12/16 21:22:40.0218 USB28xxOEM (d46933af26d7c776639be8fa3045ae4c) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2010/12/16 21:22:40.0265 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/16 21:22:40.0312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/16 21:22:40.0359 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/16 21:22:40.0421 usbhub (5ca83ac0a70d7d8d402c8ce8c0f7bf0c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/16 21:22:40.0421 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\usbhub.sys. Real md5: 5ca83ac0a70d7d8d402c8ce8c0f7bf0c, Fake md5: 1ab3cdde553b6e064d2e754efe20285c
2010/12/16 21:22:40.0437 usbhub - detected Forged file (1)
2010/12/16 21:22:40.0468 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/16 21:22:40.0546 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/16 21:22:40.0609 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/12/16 21:22:40.0671 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/16 21:22:40.0734 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/16 21:22:40.0781 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/16 21:22:40.0828 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/16 21:22:40.0921 vbmaf696 (520c300389b9cf61fc33e71958eed084) C:\WINDOWS\system32\drivers\vbmaf696.sys
2010/12/16 21:22:40.0921 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmaf696.sys. md5: 520c300389b9cf61fc33e71958eed084
2010/12/16 21:22:40.0937 vbmaf696 - detected Locked file (1)
2010/12/16 21:22:40.0968 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/16 21:22:41.0031 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/16 21:22:41.0078 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/16 21:22:41.0140 VideoHomeBDAU2 (ab9c390eef87367a832445bf1e16e3ee) C:\WINDOWS\system32\drivers\thpbdau2.sys
2010/12/16 21:22:41.0187 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/16 21:22:41.0265 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/16 21:22:41.0359 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/16 21:22:41.0515 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/16 21:22:41.0968 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/16 21:22:42.0062 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/16 21:22:42.0109 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/16 21:22:42.0171 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/16 21:22:42.0281 ================================================================================
2010/12/16 21:22:42.0281 Scan finished
2010/12/16 21:22:42.0281 ================================================================================
2010/12/16 21:22:42.0312 Detected object count: 2
2010/12/16 21:22:54.0453 Forged file(usbhub) - User select action: Skip
2010/12/16 21:22:54.0453 Locked file(vbmaf696) - User select action: Skip
2010/12/16 21:25:16.0406 ================================================================================
2010/12/16 21:25:16.0406 Scan started
2010/12/16 21:25:16.0406 Mode: Manual;
2010/12/16 21:25:16.0406 ================================================================================
2010/12/16 21:25:16.0734 57373901 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\57373901.sys
2010/12/16 21:25:16.0765 57373902 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\57373902.sys
2010/12/16 21:25:16.0828 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/16 21:25:16.0875 Achernar (4848abf6d2f38c8a1f2138d4fe8f9455) C:\WINDOWS\system32\Drivers\Achernar.sys
2010/12/16 21:25:16.0937 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/16 21:25:16.0984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/16 21:25:17.0031 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/16 21:25:17.0078 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/16 21:25:17.0125 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/12/16 21:25:17.0171 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/16 21:25:17.0218 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/16 21:25:17.0250 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/16 21:25:17.0296 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/16 21:25:17.0375 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/16 21:25:17.0406 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/16 21:25:17.0468 Aldebaran (03a26904786d78552b93bb4d64f0b72f) C:\WINDOWS\System32\Drivers\Aldebaran.sys
2010/12/16 21:25:17.0500 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/16 21:25:17.0546 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/16 21:25:17.0578 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/16 21:25:17.0609 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/16 21:25:17.0671 AR5523 (47bf3a0dc39dedcfc5e1c99a6b01506d) C:\WINDOWS\system32\DRIVERS\ar5523.sys
2010/12/16 21:25:17.0703 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/16 21:25:17.0750 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/16 21:25:17.0765 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/16 21:25:17.0906 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/16 21:25:17.0953 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/16 21:25:18.0015 ATHFMWDL (3fbf3d228fa335cbf8b9cd74fa08f680) C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
2010/12/16 21:25:18.0062 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/16 21:25:18.0140 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/16 21:25:18.0296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/16 21:25:18.0375 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/16 21:25:18.0421 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/16 21:25:18.0484 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/16 21:25:18.0531 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/16 21:25:18.0562 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/16 21:25:18.0609 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/16 21:25:18.0625 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/16 21:25:18.0765 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/16 21:25:18.0812 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/16 21:25:18.0843 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/16 21:25:18.0937 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/16 21:25:19.0015 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2010/12/16 21:25:19.0078 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/16 21:25:19.0140 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2010/12/16 21:25:19.0187 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/12/16 21:25:19.0250 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/12/16 21:25:19.0296 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2010/12/16 21:25:19.0328 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/12/16 21:25:19.0375 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/12/16 21:25:19.0406 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/12/16 21:25:19.0468 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/12/16 21:25:19.0531 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/12/16 21:25:19.0578 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/12/16 21:25:19.0687 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/16 21:25:19.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/16 21:25:19.0781 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/16 21:25:19.0828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/16 21:25:19.0921 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/16 21:25:20.0015 DriverAS (e1f8f3249d877b41ec02c74405c74570) C:\Program Files\Active Shield 5\ActiveShield.sys
2010/12/16 21:25:20.0140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/16 21:25:20.0187 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/12/16 21:25:20.0250 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/12/16 21:25:20.0343 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/12/16 21:25:20.0453 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/12/16 21:25:20.0515 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/16 21:25:20.0578 e1express (6de32a9123ef60f9d423e9163af0e305) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/12/16 21:25:20.0703 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/16 21:25:20.0875 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/16 21:25:21.0031 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/16 21:25:21.0078 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/16 21:25:21.0140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/16 21:25:21.0203 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/16 21:25:21.0250 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/16 21:25:21.0281 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/16 21:25:21.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/16 21:25:21.0437 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/16 21:25:21.0500 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/16 21:25:21.0625 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/16 21:25:21.0687 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/16 21:25:21.0765 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2010/12/16 21:25:21.0812 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2010/12/16 21:25:21.0875 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/16 21:25:21.0906 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/16 21:25:21.0953 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/16 21:25:22.0015 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/16 21:25:22.0093 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/16 21:25:22.0140 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/16 21:25:22.0281 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/16 21:25:22.0375 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/16 21:25:22.0421 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/16 21:25:22.0468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/16 21:25:22.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/16 21:25:22.0593 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/16 21:25:22.0625 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/16 21:25:22.0656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/16 21:25:22.0703 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/16 21:25:22.0734 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/16 21:25:22.0765 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/16 21:25:22.0812 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/16 21:25:22.0875 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2010/12/16 21:25:22.0906 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2010/12/16 21:25:22.0953 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/12/16 21:25:23.0000 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/12/16 21:25:23.0046 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/12/16 21:25:23.0109 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/16 21:25:23.0140 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/16 21:25:23.0234 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/12/16 21:25:23.0390 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys
2010/12/16 21:25:23.0437 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/16 21:25:23.0484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/16 21:25:23.0515 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/16 21:25:23.0562 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/16 21:25:23.0609 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/16 21:25:23.0656 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/12/16 21:25:23.0703 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/16 21:25:23.0765 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/16 21:25:23.0843 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/16 21:25:23.0921 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/16 21:25:23.0953 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/16 21:25:24.0000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/16 21:25:24.0046 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/16 21:25:24.0093 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/16 21:25:24.0156 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/16 21:25:24.0203 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/16 21:25:24.0250 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/16 21:25:24.0281 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/16 21:25:24.0359 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/16 21:25:24.0531 NDISKIO (0bc1739dc0553548b7920acd8b61389d) C:\DOCUME~1\David\LOCALS~1\Temp\00001219.nmc\nse\bin\ndiskio.sys
2010/12/16 21:25:24.0656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/16 21:25:24.0687 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/16 21:25:24.0734 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/16 21:25:24.0750 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/16 21:25:24.0781 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/16 21:25:24.0812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/16 21:25:24.0921 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/12/16 21:25:24.0984 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/12/16 21:25:25.0031 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/12/16 21:25:25.0078 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/16 21:25:25.0140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/16 21:25:25.0203 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/16 21:25:25.0390 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/16 21:25:25.0546 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/16 21:25:25.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/16 21:25:25.0625 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/12/16 21:25:25.0671 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/12/16 21:25:25.0703 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/12/16 21:25:25.0781 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/16 21:25:25.0812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/16 21:25:25.0843 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/16 21:25:25.0906 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/16 21:25:25.0953 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/16 21:25:26.0062 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/16 21:25:26.0093 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/16 21:25:26.0234 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/16 21:25:26.0296 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/16 21:25:26.0421 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/16 21:25:26.0453 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/16 21:25:26.0500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/16 21:25:26.0531 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/16 21:25:26.0562 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/16 21:25:26.0609 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/16 21:25:26.0625 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/16 21:25:26.0671 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/16 21:25:26.0718 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/16 21:25:26.0859 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
2010/12/16 21:25:26.0984 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2010/12/16 21:25:27.0093 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2010/12/16 21:25:27.0218 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/16 21:25:27.0265 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/16 21:25:27.0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/16 21:25:27.0343 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/16 21:25:27.0390 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/16 21:25:27.0421 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/16 21:25:27.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/16 21:25:27.0546 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/16 21:25:27.0593 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/16 21:25:27.0750 rtl8185 (de11516a1123a4fa32150f24aa749502) C:\WINDOWS\system32\DRIVERS\rtl8185.sys
2010/12/16 21:25:27.0906 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
2010/12/16 21:25:27.0937 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
2010/12/16 21:25:28.0078 SaxNDIS (ac73c2ac747018bfeefeeeeaca3520b9) C:\WINDOWS\system32\drivers\saxndis.sys
2010/12/16 21:25:28.0140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/16 21:25:28.0187 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/16 21:25:28.0296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/16 21:25:28.0468 setup_9.0.0.722_09.12.2010_12-20drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\5737390.sys
2010/12/16 21:25:28.0546 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/16 21:25:28.0656 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/16 21:25:28.0718 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/16 21:25:28.0781 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/16 21:25:28.0828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/16 21:25:28.0906 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
2010/12/16 21:25:29.0000 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/16 21:25:29.0046 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/16 21:25:29.0203 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/16 21:25:29.0250 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/16 21:25:29.0281 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/16 21:25:29.0328 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/16 21:25:29.0375 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/16 21:25:29.0406 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/16 21:25:29.0437 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/16 21:25:29.0468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/16 21:25:29.0531 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/16 21:25:29.0578 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/12/16 21:25:29.0625 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/16 21:25:29.0656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/16 21:25:29.0687 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/16 21:25:29.0765 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/16 21:25:29.0906 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/16 21:25:29.0968 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
2010/12/16 21:25:30.0031 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/16 21:25:30.0093 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/16 21:25:30.0171 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/16 21:25:30.0250 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/12/16 21:25:30.0328 USB28xxBGA (01f43ddc94653cd68d2794ec4500debc) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2010/12/16 21:25:30.0406 USB28xxOEM (d46933af26d7c776639be8fa3045ae4c) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2010/12/16 21:25:30.0453 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/16 21:25:30.0484 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/16 21:25:30.0531 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/16 21:25:30.0578 usbhub (5ca83ac0a70d7d8d402c8ce8c0f7bf0c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/16 21:25:30.0578 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\usbhub.sys. Real md5: 5ca83ac0a70d7d8d402c8ce8c0f7bf0c, Fake md5: 1ab3cdde553b6e064d2e754efe20285c
2010/12/16 21:25:30.0593 usbhub - detected Forged file (1)
2010/12/16 21:25:30.0640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/16 21:25:30.0703 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/16 21:25:30.0781 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/12/16 21:25:30.0828 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/16 21:25:30.0890 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/16 21:25:30.0921 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/16 21:25:30.0968 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/16 21:25:31.0062 vbmaf696 (520c300389b9cf61fc33e71958eed084) C:\WINDOWS\system32\drivers\vbmaf696.sys
2010/12/16 21:25:31.0062 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmaf696.sys. md5: 520c300389b9cf61fc33e71958eed084
2010/12/16 21:25:31.0062 vbmaf696 - detected Locked file (1)
2010/12/16 21:25:31.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/16 21:25:31.0187 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/16 21:25:31.0203 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/16 21:25:31.0265 VideoHomeBDAU2 (ab9c390eef87367a832445bf1e16e3ee) C:\WINDOWS\system32\drivers\thpbdau2.sys
2010/12/16 21:25:31.0296 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/16 21:25:31.0390 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/16 21:25:31.0468 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/16 21:25:31.0546 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/16 21:25:31.0687 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/16 21:25:31.0781 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/16 21:25:31.0828 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/16 21:25:31.0906 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/16 21:25:32.0000 ================================================================================
2010/12/16 21:25:32.0000 Scan finished
2010/12/16 21:25:32.0000 ================================================================================
2010/12/16 21:25:32.0015 Detected object count: 2
2010/12/16 21:27:31.0625 Forged file(usbhub) - User select action: Skip
2010/12/16 21:27:31.0640 Locked file(vbmaf696) - User select action: Skip

Attached Files


Edited by dave17, 16 December 2010 - 04:30 PM.


#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:20 AM

Posted 16 December 2010 - 08:35 PM

Hi dave17,




The TDSSKiller found two suspicious files "usbhub.sys" and "vbmaf.sys"

Before proceeding the following, please rerun TDSSKiller and select "cure" to delete those two files as shown in the following picture. Most likely, the vbmaf696 can't be removed. If that's the case, please do in the following:

Posted Image


Step1

  • If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  • Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Note: CombFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Please download Combofix on your desktop. Do not run it yet .



Step2

1.The computer must be set to boot from the CD first. For more info: Here .

2.Start your computer and insert the Windows XP installation CD in your CD/DVD drive.

3.When prompted, press any key to boot from the CD-ROM.

4.Press "R" after the "Welcome to Setup" screen appears to access the Recovery Console.

Posted Image

5.The screen will switch to black and you will be asked which installation to log onto. If you only have one installation you will press "1"

6.It will then prompt you for the Administrator's password. If there is no password, simply press Enter.

Posted Image

7.At the C:\Windows prompt, type Disable vbmaf696, and press Enter: You may see a message that service has been changed to Disabled.

8.At the C:\Windows prompt, type cd system32\drivers, and press Enter:

9.At the C:\Windows\system32\drivers> prompt, type Delete vbmaf696.sys and press Enter: You should see a message that file has been deleted.

10.Type in the word Exit and press Enter. Windows should now reboot. After that, please do the following:

11.Double click on ComboFix and let it run unhindered.

12.When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

13.Do not mouse click on Combofix while it is running. That may cause it to stall.


Step3

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:


    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.



In your next reply, please post back:

1.ComboFix.txt
2.OTListIt.txt and Extra.txt

Let me know if you have any remaining issues on your pc.

Edited by sundavis, 16 December 2010 - 08:37 PM.


#5 Guest_dave17_*

Guest_dave17_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2010 - 09:21 PM

Got a problem. Mouse and keyboard don't react anymore after after the restart.
I could go through to No. 10 but can't access the computer anymore.
Must have been the usbhub.sys delete that caused it. What do you think?
How can I get it running again?

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling

Posted 16 December 2010 - 10:00 PM

Hi dave17,




Step1

Please reboot your pc and go to step7 in Recovery Console as instructed in my previous post

At the C:\Windows prompt, please type the following bold command and press Enter

copy x:\i386\usbhub.sys c:\windows\system32\drivers

Note:In the above example you should replace x: with the letter of your CD-ROM drive.

If usbhub.sys is still on the computer you'll be prompted if you wish to overwrite the file. If prompted, press the Y key for Yes to overwrite the file.

Type exit, press ENTER, and then restart the computer.

If this is successful. Run ComboFix and OTL. Post the logs back here.

Edited by sundavis, 16 December 2010 - 10:06 PM.


#7 Guest_dave17_*

Guest_dave17_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2010 - 10:26 PM

Tried it several times on different CD/DVD drives but get permanent the message "Access is denied"

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:20 AM

Posted 16 December 2010 - 10:56 PM

Hi dave17,




At the C:\Windows prompt, please type the following bold command and press Enter

cd system32\drivers

At the C:\windows\system32\drivers> prompt, Please type the following bold command and press Enter

ren usbhub.sys usbhub.sys.old

Note:If you receive a message similar to 'invalid parameter or bad command, ensure you have a space between ren and usbhub.sys and another space between usbhub.sys and usbhub.sys.old

At the C:\windows\system32\drivers> prompt, Please type the following bold command and press Enter

copy x:\i386\usbhub.sys (Replace the X to the letter of your CD drive)

Note:You should see a message '1 file copied'. If you did not see that message, try again and ensure there is a space after the word copy.

#9 Guest_dave17_*

Guest_dave17_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2010 - 11:01 PM

After entering ren usbhub.sys usbhub.sys.old I get the message the system cannot find the file or directory speified.
The XP CD is from Dell and doesn't have a usbhub.sys file in the i386 folder if that helps?

Edited by dave17, 16 December 2010 - 11:15 PM.


#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling

Posted 16 December 2010 - 11:19 PM

Verify you're typing the file you wish to rename correctly. If still not working, jump over that command and proceed the next command copy x:\i386\usbhub.sys and press Enter.

If still no joy, replace the following one expand d:\i386\usbhub.sy_ and press Enter. Make sure you are at the C:\windows\system32\drivers> prompt already. Let me know how things went.

The XP CD is from Dell and doesn't have a usbhub.sys file in the i386 folder if that helps

If that's the case, you may try copy C:\WINDOWS\Service PackFiles\i386\usbhub.sys command at C:\windows\system32\drivers> prompt

Edited by sundavis, 16 December 2010 - 11:30 PM.


#11 Guest_dave17_*

Guest_dave17_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2010 - 11:55 PM

I got it expanded.
Do I restart or is there any other command?

The copy C:\WINDOWS\Service PackFiles\i386\usbhub.sys command cannot find the file

The copy C:\WINDOWS\ServicePackFiles\i386\usbhub.sys command did ask to overwrite the USBHUB.SYS what I agreed.

Edited by dave17, 17 December 2010 - 12:02 AM.


#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:20 AM

Posted 17 December 2010 - 12:02 AM

Hi dave17,


I got it expanded.

Sounds good. Before rebooting your pc, i would like you perform "Disable vbmaf696" and "Delete vbmaf696.sys" one more time. Thanks.

#13 Guest_dave17_*

Guest_dave17_*

  • Guests
  • OFFLINE
  •  

Posted 17 December 2010 - 12:17 AM

When I disable I get the message
The registry entry foe the vbmaf696 service was found.
The service currently has start_type SERVICE_DEMAND_START.
Please record this value.
The new start_type for the service has been set to SERVICE_DISABLED.
The computer must be restarted for the changes to take effect.
Type EXIT if you want to restart the computer now.

When I delete no message shows up!

#14 Guest_dave17_*

Guest_dave17_*

  • Guests
  • OFFLINE
  •  

Posted 17 December 2010 - 12:23 AM

Mouse and Keyboard are both USB and are no working.
I have an externel DVD drive on USB and that is working.
I noticed as soon as windows starts up the light on the mouse goes out.
The light on the keyboard is still on but both do not react.
I still cannot access the computer.

#15 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling

Posted 17 December 2010 - 12:39 AM

Hi dave17,



That's OK, we will take another approach. Please go to your message box and do it as instructed accordingly. Thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users