Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

There is no name for this... I'm too stressed....


  • This topic is locked This topic is locked
22 replies to this topic

#1 boboliman

boboliman

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 10 January 2011 - 12:28 PM

My computer at work was fragged in December by a malware attack I have never seen. I could fill up a volume on what it did, but my corporate policy was to send it down to Fort Walton Beach Tech to get it straight.

It came back with 25 programs on it, and a ton of configuration changes. I think they did their best, but it is still starting to exhibit anamolies including ping spikes taking up 100% networking utilization at random times while I loose Internet connectivity, browser redirection, drivers are beginning to be replaced again, and services that were enabled are reconfiguring themselves. AV products are being hacked when they are installed by the registry and the new 2TB drive I have added, will only show 638 Gigabytes IN THE BIOS! ...let alone Windows.

I',m at work and here is a quick RSIT log. Windows 7 64 Pro on an Intel Core 2 Quad, 4 Gig RAM, 400 Gig and 2 TB HD, nVidia FX motherboard with onboard NIC and soundcard and a Sounblaster Xtreme card and an extra NIC card (disbled), I guess they left in the machine after testing. All data has been backed up, and this is a mission critical system to our company. I hav5 computer down and cannot detect and destroy this thing. I feel like we just are patching up a caged beast.

I will be posting my laptop next. It just has Vista on it and the Dell drivers. Everytime I reinstall the OS, it boots up infected at first boot. This is after formating ("low level") with the WD tool and removing the battery, reinstalling the battery and reflashing the BIOS, and taking the battery out again and installing Vista 32 Home from the original Dell media. I need assistance from a pro, badly!!!

Thanks so much....

Boboliman

BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:10:02 AM

Posted 17 January 2011 - 08:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 19 January 2011 - 04:12 AM

Thanks Casey,

Man do I understand the heavy load. I have 6 computers down to this thing.

I am attaching the logs as you asked.



I have been studying this thing and have made many notes.

I'm Readdy to begin.

Fro m the top, this is a loaded Dell 1735 Studio laptop

I have installed a clean new copy of Vista on the laptop just used a 14 year old application to deal with the hidden 3 FAT 12 partitions Booting in DOS 6.6.this thing creates and hides them. I unhd them and deleted them with old FDISK as well as the HPFS part , The MBR is where ther action is. thought I delete it, and it looks like it is gone. I'm afraid ther iit's bac. I feel the only option if highy compressed filr in a dynamic overlay.

During first boot, it has the firwall configged, thr filrsystem rerouted, policies inacted, and the barage of filrs starts with software Distribution directery. A new prefetch and readyboost folder and hundreds of fake files replced in the OS and scrpts oprning ports and on and on. It totally eveades scans becase the file system partitions the bad and good code and thr dupictes have go md5s.

I will be in a t 9:30 EST. tommorrow if your available.

Thaks much, Bob.


Here was my methology



#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:02 AM

Posted 20 January 2011 - 09:59 AM

Hello boboliman

Welcome to BleepingComputer :)
========================
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 20 January 2011 - 10:12 AM

Shall Do! I'm downloading it now.... Thanks.

#6 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 20 January 2011 - 10:17 AM

Nothing found (as usual)


2011/01/20 10:14:29.0996 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/20 10:14:29.0997 ================================================================================
2011/01/20 10:14:29.0997 SystemInfo:
2011/01/20 10:14:29.0997
2011/01/20 10:14:29.0997 OS Version: 6.0.6001 ServicePack: 1.0
2011/01/20 10:14:29.0997 Product type: Workstation
2011/01/20 10:14:29.0997 ComputerName: ORION1928
2011/01/20 10:14:29.0997 UserName: ORION
2011/01/20 10:14:29.0997 Windows directory: C:\Windows
2011/01/20 10:14:29.0997 System windows directory: C:\Windows
2011/01/20 10:14:29.0997 Processor architecture: Intel x86
2011/01/20 10:14:29.0997 Number of processors: 2
2011/01/20 10:14:29.0997 Page size: 0x1000
2011/01/20 10:14:29.0997 Boot type: Normal boot
2011/01/20 10:14:29.0997 ================================================================================
2011/01/20 10:14:30.0248 Initialize success
2011/01/20 10:14:46.0763 ================================================================================
2011/01/20 10:14:46.0763 Scan started
2011/01/20 10:14:46.0764 Mode: Manual;
2011/01/20 10:14:46.0764 ================================================================================
2011/01/20 10:14:47.0751 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/01/20 10:14:47.0822 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/01/20 10:14:47.0868 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/01/20 10:14:47.0899 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/01/20 10:14:47.0930 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/01/20 10:14:48.0010 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/01/20 10:14:48.0068 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/01/20 10:14:48.0104 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/01/20 10:14:48.0138 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/01/20 10:14:48.0174 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/01/20 10:14:48.0198 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/01/20 10:14:48.0237 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/01/20 10:14:48.0271 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/01/20 10:14:48.0329 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/01/20 10:14:48.0365 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/01/20 10:14:48.0410 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/20 10:14:48.0439 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/01/20 10:14:48.0576 atikmdag (38973519d2a61e33e49a09c6b05621cd) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/20 10:14:48.0721 BCM42RLY (bcb27987aaf7962c72b0f337a201cc28) C:\Windows\system32\drivers\BCM42RLY.sys
2011/01/20 10:14:48.0780 BCM43XX (91d216486b05986afcbea3096a47f3ea) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/01/20 10:14:48.0877 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/01/20 10:14:48.0924 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/01/20 10:14:48.0957 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/20 10:14:49.0001 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/01/20 10:14:49.0030 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/01/20 10:14:49.0066 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/01/20 10:14:49.0089 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/01/20 10:14:49.0113 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/01/20 10:14:49.0163 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/01/20 10:14:49.0198 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/01/20 10:14:49.0244 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/20 10:14:49.0279 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/20 10:14:49.0325 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/01/20 10:14:49.0363 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/01/20 10:14:49.0419 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/20 10:14:49.0451 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/01/20 10:14:49.0477 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/20 10:14:49.0504 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/01/20 10:14:49.0536 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/01/20 10:14:49.0580 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/01/20 10:14:49.0638 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/01/20 10:14:49.0693 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/01/20 10:14:49.0739 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/20 10:14:49.0793 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/01/20 10:14:49.0845 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/01/20 10:14:49.0905 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/01/20 10:14:49.0951 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/01/20 10:14:50.0042 esgiguard (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2011/01/20 10:14:50.0155 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/01/20 10:14:50.0299 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/01/20 10:14:50.0335 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/20 10:14:50.0377 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/01/20 10:14:50.0409 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/01/20 10:14:50.0436 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/20 10:14:50.0462 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/01/20 10:14:50.0503 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/20 10:14:50.0526 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/01/20 10:14:50.0592 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/01/20 10:14:50.0631 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/20 10:14:50.0666 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/01/20 10:14:50.0701 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/01/20 10:14:50.0742 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/20 10:14:50.0772 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/01/20 10:14:50.0820 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/01/20 10:14:50.0848 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/01/20 10:14:50.0884 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/20 10:14:50.0917 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/01/20 10:14:50.0956 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/01/20 10:14:51.0003 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/01/20 10:14:51.0025 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/20 10:14:51.0068 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/20 10:14:51.0128 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/01/20 10:14:51.0155 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/01/20 10:14:51.0177 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/01/20 10:14:51.0200 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/01/20 10:14:51.0226 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/20 10:14:51.0257 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/01/20 10:14:51.0278 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/01/20 10:14:51.0352 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/01/20 10:14:51.0376 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/20 10:14:51.0420 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/01/20 10:14:51.0461 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/20 10:14:51.0513 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/20 10:14:51.0560 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/01/20 10:14:51.0585 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/01/20 10:14:51.0640 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/01/20 10:14:51.0665 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/01/20 10:14:51.0696 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/01/20 10:14:51.0728 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/01/20 10:14:51.0768 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/01/20 10:14:51.0804 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/20 10:14:51.0843 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/20 10:14:51.0872 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/20 10:14:51.0902 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/01/20 10:14:51.0945 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/01/20 10:14:51.0982 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/20 10:14:52.0025 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/01/20 10:14:52.0060 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/01/20 10:14:52.0092 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/20 10:14:52.0117 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/20 10:14:52.0141 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/20 10:14:52.0180 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/01/20 10:14:52.0215 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/01/20 10:14:52.0256 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/01/20 10:14:52.0300 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/01/20 10:14:52.0352 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/20 10:14:52.0388 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/20 10:14:52.0423 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/01/20 10:14:52.0457 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/01/20 10:14:52.0496 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/20 10:14:52.0527 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/01/20 10:14:52.0558 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/01/20 10:14:52.0606 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/20 10:14:52.0662 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/01/20 10:14:52.0697 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/20 10:14:52.0729 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/20 10:14:52.0764 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/20 10:14:52.0797 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/01/20 10:14:52.0817 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/20 10:14:52.0859 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/20 10:14:52.0905 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/01/20 10:14:52.0930 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/01/20 10:14:52.0965 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/20 10:14:53.0026 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/01/20 10:14:53.0063 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/01/20 10:14:53.0095 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/01/20 10:14:53.0129 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/01/20 10:14:53.0162 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/01/20 10:14:53.0199 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/01/20 10:14:53.0284 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/20 10:14:53.0330 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/01/20 10:14:53.0367 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/01/20 10:14:53.0402 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/01/20 10:14:53.0429 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/01/20 10:14:53.0462 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/01/20 10:14:53.0492 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/01/20 10:14:53.0549 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/01/20 10:14:53.0626 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/20 10:14:53.0661 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/01/20 10:14:53.0709 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/20 10:14:53.0761 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/01/20 10:14:53.0820 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/01/20 10:14:53.0857 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/20 10:14:53.0884 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/20 10:14:53.0921 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/20 10:14:53.0945 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/20 10:14:53.0969 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/20 10:14:53.0999 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/20 10:14:54.0019 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/20 10:14:54.0060 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/01/20 10:14:54.0084 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/20 10:14:54.0125 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/01/20 10:14:54.0186 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/01/20 10:14:54.0238 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/01/20 10:14:54.0280 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/01/20 10:14:54.0318 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/20 10:14:54.0347 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/01/20 10:14:54.0421 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/20 10:14:54.0453 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/20 10:14:54.0492 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/01/20 10:14:54.0525 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/01/20 10:14:54.0547 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/01/20 10:14:54.0586 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/01/20 10:14:54.0620 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/01/20 10:14:54.0653 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/01/20 10:14:54.0682 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/01/20 10:14:54.0718 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/01/20 10:14:54.0755 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/01/20 10:14:54.0778 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/01/20 10:14:54.0821 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/01/20 10:14:54.0855 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/01/20 10:14:54.0895 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
2011/01/20 10:14:54.0922 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/20 10:14:54.0944 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/20 10:14:55.0041 STHDA (87b7fc4cde516c40ab84e786b97953dd) C:\Windows\system32\DRIVERS\stwrt.sys
2011/01/20 10:14:55.0107 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/20 10:14:55.0148 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/01/20 10:14:55.0169 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/01/20 10:14:55.0192 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/01/20 10:14:55.0263 Tcpip (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
2011/01/20 10:14:55.0318 Tcpip6 (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/20 10:14:55.0355 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/20 10:14:55.0392 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/01/20 10:14:55.0425 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/01/20 10:14:55.0454 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/20 10:14:55.0486 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/20 10:14:55.0550 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/20 10:14:55.0603 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/20 10:14:55.0639 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/01/20 10:14:55.0684 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/20 10:14:55.0732 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/01/20 10:14:55.0767 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/01/20 10:14:55.0802 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/01/20 10:14:55.0827 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/01/20 10:14:55.0863 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/20 10:14:55.0917 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/20 10:14:55.0952 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/01/20 10:14:55.0994 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/20 10:14:56.0018 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/20 10:14:56.0052 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/01/20 10:14:56.0079 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/01/20 10:14:56.0126 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/20 10:14:56.0168 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/20 10:14:56.0219 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/01/20 10:14:56.0266 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/20 10:14:56.0300 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/01/20 10:14:56.0339 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/01/20 10:14:56.0360 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/01/20 10:14:56.0396 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/01/20 10:14:56.0431 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/01/20 10:14:56.0457 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/01/20 10:14:56.0496 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/01/20 10:14:56.0541 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/01/20 10:14:56.0594 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/01/20 10:14:56.0621 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/20 10:14:56.0642 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/20 10:14:56.0691 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/01/20 10:14:56.0720 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/20 10:14:56.0825 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/20 10:14:56.0871 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/20 10:14:56.0938 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/20 10:14:56.0998 ================================================================================
2011/01/20 10:14:56.0998 Scan finished
2011/01/20 10:14:56.0998 ================================================================================
2011/01/20 10:15:12.0071 Deinitialize success

#7 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 20 January 2011 - 10:19 AM

Nothing found (as usual)


2011/01/20 10:14:29.0996 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/20 10:14:29.0997 ================================================================================
2011/01/20 10:14:29.0997 SystemInfo:
2011/01/20 10:14:29.0997
2011/01/20 10:14:29.0997 OS Version: 6.0.6001 ServicePack: 1.0
2011/01/20 10:14:29.0997 Product type: Workstation
2011/01/20 10:14:29.0997 ComputerName: ORION1928
2011/01/20 10:14:29.0997 UserName: ORION
2011/01/20 10:14:29.0997 Windows directory: C:\Windows
2011/01/20 10:14:29.0997 System windows directory: C:\Windows
2011/01/20 10:14:29.0997 Processor architecture: Intel x86
2011/01/20 10:14:29.0997 Number of processors: 2
2011/01/20 10:14:29.0997 Page size: 0x1000
2011/01/20 10:14:29.0997 Boot type: Normal boot
2011/01/20 10:14:29.0997 ================================================================================
2011/01/20 10:14:30.0248 Initialize success
2011/01/20 10:14:46.0763 ================================================================================
2011/01/20 10:14:46.0763 Scan started
2011/01/20 10:14:46.0764 Mode: Manual;
2011/01/20 10:14:46.0764 ================================================================================
2011/01/20 10:14:47.0751 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/01/20 10:14:47.0822 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/01/20 10:14:47.0868 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/01/20 10:14:47.0899 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/01/20 10:14:47.0930 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/01/20 10:14:48.0010 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/01/20 10:14:48.0068 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/01/20 10:14:48.0104 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/01/20 10:14:48.0138 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/01/20 10:14:48.0174 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/01/20 10:14:48.0198 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/01/20 10:14:48.0237 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/01/20 10:14:48.0271 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/01/20 10:14:48.0329 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/01/20 10:14:48.0365 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/01/20 10:14:48.0410 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/20 10:14:48.0439 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/01/20 10:14:48.0576 atikmdag (38973519d2a61e33e49a09c6b05621cd) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/20 10:14:48.0721 BCM42RLY (bcb27987aaf7962c72b0f337a201cc28) C:\Windows\system32\drivers\BCM42RLY.sys
2011/01/20 10:14:48.0780 BCM43XX (91d216486b05986afcbea3096a47f3ea) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/01/20 10:14:48.0877 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/01/20 10:14:48.0924 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/01/20 10:14:48.0957 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/20 10:14:49.0001 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/01/20 10:14:49.0030 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/01/20 10:14:49.0066 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/01/20 10:14:49.0089 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/01/20 10:14:49.0113 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/01/20 10:14:49.0163 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/01/20 10:14:49.0198 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/01/20 10:14:49.0244 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/20 10:14:49.0279 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/20 10:14:49.0325 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/01/20 10:14:49.0363 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/01/20 10:14:49.0419 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/20 10:14:49.0451 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/01/20 10:14:49.0477 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/20 10:14:49.0504 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/01/20 10:14:49.0536 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/01/20 10:14:49.0580 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/01/20 10:14:49.0638 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/01/20 10:14:49.0693 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/01/20 10:14:49.0739 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/20 10:14:49.0793 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/01/20 10:14:49.0845 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/01/20 10:14:49.0905 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/01/20 10:14:49.0951 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/01/20 10:14:50.0042 esgiguard (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2011/01/20 10:14:50.0155 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/01/20 10:14:50.0299 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/01/20 10:14:50.0335 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/20 10:14:50.0377 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/01/20 10:14:50.0409 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/01/20 10:14:50.0436 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/20 10:14:50.0462 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/01/20 10:14:50.0503 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/20 10:14:50.0526 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/01/20 10:14:50.0592 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/01/20 10:14:50.0631 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/20 10:14:50.0666 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/01/20 10:14:50.0701 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/01/20 10:14:50.0742 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/20 10:14:50.0772 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/01/20 10:14:50.0820 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/01/20 10:14:50.0848 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/01/20 10:14:50.0884 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/20 10:14:50.0917 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/01/20 10:14:50.0956 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/01/20 10:14:51.0003 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/01/20 10:14:51.0025 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/20 10:14:51.0068 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/20 10:14:51.0128 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/01/20 10:14:51.0155 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/01/20 10:14:51.0177 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/01/20 10:14:51.0200 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/01/20 10:14:51.0226 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/20 10:14:51.0257 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/01/20 10:14:51.0278 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/01/20 10:14:51.0352 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/01/20 10:14:51.0376 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/20 10:14:51.0420 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/01/20 10:14:51.0461 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/20 10:14:51.0513 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/20 10:14:51.0560 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/01/20 10:14:51.0585 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/01/20 10:14:51.0640 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/01/20 10:14:51.0665 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/01/20 10:14:51.0696 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/01/20 10:14:51.0728 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/01/20 10:14:51.0768 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/01/20 10:14:51.0804 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/20 10:14:51.0843 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/20 10:14:51.0872 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/20 10:14:51.0902 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/01/20 10:14:51.0945 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/01/20 10:14:51.0982 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/20 10:14:52.0025 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/01/20 10:14:52.0060 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/01/20 10:14:52.0092 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/20 10:14:52.0117 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/20 10:14:52.0141 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/20 10:14:52.0180 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/01/20 10:14:52.0215 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/01/20 10:14:52.0256 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/01/20 10:14:52.0300 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/01/20 10:14:52.0352 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/20 10:14:52.0388 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/20 10:14:52.0423 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/01/20 10:14:52.0457 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/01/20 10:14:52.0496 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/20 10:14:52.0527 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/01/20 10:14:52.0558 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/01/20 10:14:52.0606 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/20 10:14:52.0662 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/01/20 10:14:52.0697 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/20 10:14:52.0729 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/20 10:14:52.0764 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/20 10:14:52.0797 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/01/20 10:14:52.0817 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/20 10:14:52.0859 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/20 10:14:52.0905 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/01/20 10:14:52.0930 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/01/20 10:14:52.0965 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/20 10:14:53.0026 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/01/20 10:14:53.0063 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/01/20 10:14:53.0095 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/01/20 10:14:53.0129 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/01/20 10:14:53.0162 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/01/20 10:14:53.0199 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/01/20 10:14:53.0284 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/20 10:14:53.0330 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/01/20 10:14:53.0367 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/01/20 10:14:53.0402 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/01/20 10:14:53.0429 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/01/20 10:14:53.0462 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/01/20 10:14:53.0492 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/01/20 10:14:53.0549 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/01/20 10:14:53.0626 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/20 10:14:53.0661 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/01/20 10:14:53.0709 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/20 10:14:53.0761 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/01/20 10:14:53.0820 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/01/20 10:14:53.0857 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/20 10:14:53.0884 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/20 10:14:53.0921 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/20 10:14:53.0945 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/20 10:14:53.0969 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/20 10:14:53.0999 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/20 10:14:54.0019 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/20 10:14:54.0060 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/01/20 10:14:54.0084 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/20 10:14:54.0125 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/01/20 10:14:54.0186 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/01/20 10:14:54.0238 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/01/20 10:14:54.0280 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/01/20 10:14:54.0318 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/20 10:14:54.0347 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/01/20 10:14:54.0421 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/20 10:14:54.0453 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/20 10:14:54.0492 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/01/20 10:14:54.0525 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/01/20 10:14:54.0547 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/01/20 10:14:54.0586 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/01/20 10:14:54.0620 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/01/20 10:14:54.0653 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/01/20 10:14:54.0682 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/01/20 10:14:54.0718 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/01/20 10:14:54.0755 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/01/20 10:14:54.0778 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/01/20 10:14:54.0821 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/01/20 10:14:54.0855 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/01/20 10:14:54.0895 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
2011/01/20 10:14:54.0922 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/20 10:14:54.0944 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/20 10:14:55.0041 STHDA (87b7fc4cde516c40ab84e786b97953dd) C:\Windows\system32\DRIVERS\stwrt.sys
2011/01/20 10:14:55.0107 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/20 10:14:55.0148 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/01/20 10:14:55.0169 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/01/20 10:14:55.0192 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/01/20 10:14:55.0263 Tcpip (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
2011/01/20 10:14:55.0318 Tcpip6 (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/20 10:14:55.0355 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/20 10:14:55.0392 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/01/20 10:14:55.0425 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/01/20 10:14:55.0454 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/20 10:14:55.0486 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/20 10:14:55.0550 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/20 10:14:55.0603 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/20 10:14:55.0639 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/01/20 10:14:55.0684 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/20 10:14:55.0732 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/01/20 10:14:55.0767 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/01/20 10:14:55.0802 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/01/20 10:14:55.0827 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/01/20 10:14:55.0863 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/20 10:14:55.0917 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/20 10:14:55.0952 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/01/20 10:14:55.0994 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/20 10:14:56.0018 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/20 10:14:56.0052 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/01/20 10:14:56.0079 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/01/20 10:14:56.0126 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/20 10:14:56.0168 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/20 10:14:56.0219 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/01/20 10:14:56.0266 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/20 10:14:56.0300 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/01/20 10:14:56.0339 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/01/20 10:14:56.0360 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/01/20 10:14:56.0396 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/01/20 10:14:56.0431 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/01/20 10:14:56.0457 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/01/20 10:14:56.0496 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/01/20 10:14:56.0541 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/01/20 10:14:56.0594 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/01/20 10:14:56.0621 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/20 10:14:56.0642 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/20 10:14:56.0691 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/01/20 10:14:56.0720 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/20 10:14:56.0825 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/20 10:14:56.0871 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/20 10:14:56.0938 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/20 10:14:56.0998 ================================================================================
2011/01/20 10:14:56.0998 Scan finished
2011/01/20 10:14:56.0998 ================================================================================
2011/01/20 10:15:12.0071 Deinitialize success

#8 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 20 January 2011 - 10:34 AM

Just an FYI, I think the reason no scanner picks anything up, is the fact that after the fresh install of Vista, upon first boot, I have found the file structure to be altered. I see in the registry, entries where files reside at /.//. There is a utility called 7Zip that exposes this segmented filling system.

Also, this malware is embedded into the OS from a dynamic drive overlay I believe when the OS is installed.it forms some hidden partitions then in FAT12 that are pretty empty. You have to see what this malware sets up. It sets up a folder in Windows System32 called Software Distribution where the executibles are built. There is a directory called prefetch, that has databases of everything I so and input. Like a keylogger. There is also a folder there called ReadyBoost that has a ton of trace files in it. All these folders are locked down from me and I had to take ownership of them to see what's in them. I'd say 15% of the Widows files have been renamed and replaced, most drivers have been replaced, and he locks down the grpoledit service from me at first boot. Some of the self defence mechanisms are in place like hidding drives, the recycle bin, fake error messages, etc, when I try to load certain av products...

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:02 AM

Posted 20 January 2011 - 10:43 AM

The log checks for altered file none seem to be altered or faked as far as md5 hash goes.
See if there is a bios update for the machine flash the bios then reinstall Windows again.
See if it then takes it out.
There would be no other place for it to hide but for for ram for a short period of time.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#10 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 20 January 2011 - 10:51 AM

I took out the battery, waited, then I put the battery back in and flashed the BIOS. I then took out the batter and disabled this extra cache module on the Dell laptop. I then installed the OS and this is what your seeing now.

#11 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 20 January 2011 - 10:59 AM

Why I say they were replaced is that I went through the list of verified file sizes from microsoft, and they were about 65 Windows files that were no where near the file sizes specified. I am using a program called Spyhunter that creates a list of files that it says are safe (probably because of the MD5 hash, and some of these file names are misspelled and nowhere near the size they should be for the Vista OS.

#12 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 20 January 2011 - 11:12 AM

I just tried to read a new file i have never seen and got this error. Take a look at the path where this file resides....

#13 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 20 January 2011 - 11:53 AM

I have disabled half of the Windows Services and have disabled two thirds of the processes I could identify as being hacked and the system is pretty quiet for now. I am going to shut down my computer and boot from a DOS disk and run Ranishes Diskpart to view the Disk partitions and see if I can backup the MBR and perhaps get into it to see what's going on.

BRB

#14 boboliman

boboliman
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia
  • Local time:06:02 AM

Posted 20 January 2011 - 12:06 PM

New GMER attached. Some things are changed it looks like.... I am going to look at the partition. Wierd EXFAT is running and the drivers installed...

#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:02 AM

Posted 20 January 2011 - 12:43 PM

I wouldn't trust SpyHunter it used to be in the rouge list a while back.
Not to say I don't believe you but nothing is showing infected.
When you reinstalled Windows did you delete all partitions?
What you can try with a bit better reformatting program such as Active KillDisk.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users