
Thread: IDP & Crypt AQLW Trojan DDS Log pasted.

  1. #71
    Member
    Join Date
    Apr 2012
    Posts
    66

    ComboFix still reports ZeroAccess Infection

    As I had a few moments in between work, I reran ComboFix, but only as far as the message "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you’re unable to connect to the internet after running ComboFix, reboot once and see if that fixes it. If it's not fixed, run ComboFix one more time".

    Which leads me to suspect that the Trojan has left remnants behind! What I don't understand is why ComboFix can detect the Trojan but cannot clean it?

  2. #72
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    ComboFix can normally clean it very well but there are instances where the infection just is not able to be cleaned. ZeroAccess is a severe infection that is normally very difficult to remove with only one infection but your system was infected by multiple ZeroAccess infections....more than I have seen on one system so far.

    Like I stated when we began...
    Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.
    ....right now I am not seeing the infection showing in the logs which is making it very difficult....

  3. #73
    Member
    Join Date
    Apr 2012
    Posts
    66

    Scans

    I think our postings crossed, so I will do the scans for which you asked. On the question posed, it was really that ComboFix has obviously detected something on the one part (hence the warning) but is not providing that in a report!

    I will do the scans as soon as I can (maybe in 30 mins time).

    Again thanks!
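The TDSSKiller log pasted in the next post (#74) runs to several hundred lines, and the helper's difficulty throughout this thread is that the infection is "not showing in the logs". As an added example, not code from anyone in this thread or from Kaspersky, here is a small Python triage script for that log format. It parses every service line, keeps the MD5 and image path TDSSKiller recorded, lists the entries that were not marked "ok" (in this log the nv and NVSvc entries, which the SigCheck mode flagged as UnsignedFile.Multi.Generic because nv4_mini.sys and nvsvc32.exe carry no digital signature; that verdict is a triage cue, not a malware identification), and reports any image path that was hashed to two different MD5s within one scan, which a static file should never produce. The sample log inside the script is an excerpt of post #74 plus one constructed pair of lines that creates such a mismatch; the function names are my own.

```python
"""Triage helper for TDSSKiller text logs.

Added example; not code from this thread or from Kaspersky. It reads the
per-service lines in the format pasted in post #74 and pulls out what a
helper actually scans such a log for: every entry TDSSKiller did not mark
'ok', the MD5 and image path recorded for it, and any image path that
appears with two different MD5s in one scan.
"""
import re

# "HH:MM:SS.mmmm <pid> <rest>" prefix on every TDSSKiller log line
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<rest>.*)$")
# "<service> (<md5>) <image path>"   - the file TDSSKiller hashed for that service
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service> - detected <Verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
# "<service> ( <Verdict> ) - warning"
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - warning$")
# "<service> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
MODE_RE = re.compile(r"^Mode: (?P<flags>.*)$")


def _blank():
    return {"md5": None, "path": None, "status": None, "verdict": None}


def parse_tdsskiller(text):
    """Return {service name: {md5, path, status, verdict}} for every service
    line in the log. Services for which TDSSKiller printed only a verdict
    line and no hash line keep md5/path = None."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                        # banner, drive table, separators
        rest = m.group("rest")
        for rx, status in ((HASH_RE, None), (DETECT_RE, "detected"),
                           (WARN_RE, "warning"), (OK_RE, "ok")):
            hit = rx.match(rest)
            if not hit:
                continue
            e = entries.setdefault(hit["name"], _blank())
            if rx is HASH_RE:
                e["md5"], e["path"] = hit["md5"].lower(), hit["path"]
            else:
                e["status"] = status        # later verdict lines win
                if "verdict" in hit.groupdict():
                    e["verdict"] = hit["verdict"]
            break
    return entries


def scan_flags(text):
    """Scan modes reported on the 'Mode:' line, e.g. ['Manual', 'SigCheck', 'TDLFS'].
    SigCheck is the mode that produces the UnsignedFile.* verdicts."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            mm = MODE_RE.match(m.group("rest"))
            if mm:
                return [f.strip() for f in mm["flags"].split(";") if f.strip()]
    return []


def flagged(entries):
    """(name, verdict, md5, path) for every entry not marked ok, sorted by name."""
    return sorted(
        ((n, e["verdict"], e["md5"], e["path"]) for n, e in entries.items()
         if e["status"] in ("warning", "detected")),
        key=lambda t: t[0].lower())


def triage_note(verdict):
    """What a verdict class means for the analyst reading the log."""
    if verdict and verdict.startswith("UnsignedFile."):
        return "image has no valid Authenticode signature; verify hash/publisher before acting"
    return "rootkit/malware verdict; treat the image as hostile until proven otherwise"


def duplicate_image_hashes(entries):
    """Image paths recorded with more than one MD5 in the same scan (paths
    compared case-insensitively, since the log mixes DRIVERS/ and drivers/)."""
    seen = {}
    for e in entries.values():
        if e["path"]:
            seen.setdefault(e["path"].lower(), set()).add(e["md5"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def ioc_lines(entries):
    """'md5  path  verdict  # note' lines for the flagged entries, ready to look up."""
    return [f"{md5}  {path}  {verdict}  # {triage_note(verdict)}"
            for _, verdict, md5, path in flagged(entries)]


# Excerpt of the TDSSKiller log pasted in post #74 ...
SAMPLE_LOG = (
    r"""19:55:10.0187 2636 ============================================================
19:55:10.0187 2636 Scan started
19:55:10.0187 2636 Mode: Manual; SigCheck; TDLFS;
19:55:11.0078 2636 !SASCORE - ok
19:55:11.0171 2636 Abiosdsk - ok
19:55:11.0250 2636 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:55:11.0937 2636 ACPI - ok
19:55:13.0078 2636 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:55:13.0078 2636 Apple Mobile Device - ok
19:55:29.0437 2636 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:55:29.0515 2636 Netlogon - ok
19:55:31.0750 2636 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:55:32.0125 2636 nv ( UnsignedFile.Multi.Generic ) - warning
19:55:32.0125 2636 nv - detected UnsignedFile.Multi.Generic (1)
19:55:32.0234 2636 NVSvc (df6fd57d6807ae459b3463fbfda02d49) C:\WINDOWS\system32\nvsvc32.exe
19:55:32.0265 2636 NVSvc ( UnsignedFile.Multi.Generic ) - warning
19:55:32.0265 2636 NVSvc - detected UnsignedFile.Multi.Generic (1)
"""
    # ... plus two constructed lines (not in the thread): the same image
    # path reported under another service name with a different MD5.
    r"""19:55:33.0000 2636 ConstructedSvc (00000000000000000000000000000000) C:\WINDOWS\system32\LSASS.EXE
19:55:33.0100 2636 ConstructedSvc - ok
"""
)

if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG)
    print("scan flags:", scan_flags(SAMPLE_LOG))
    print("flagged entries:")
    for line in ioc_lines(ents):
        print("  " + line)
    print("paths with conflicting hashes:", duplicate_image_hashes(ents))
```

Run it against the full log saved to a file by replacing SAMPLE_LOG with the file contents; the flagged list is what to hand to a hash-lookup service, and the SigCheck flag tells you whether an UnsignedFile verdict is even possible in that run.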

  4. #74
    Member
    Join Date
    Apr 2012
    Posts
    66

    Scans completed

    My 30 mins delay was while I was completing my work for tomorrow, and at the same time waiting for a scan from a Rootkit Unhooker app, which I will paste last of all. First the TDSSKiller report:

    -------------------------------------------
    19:32:29.0187 0576 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
    19:32:29.0218 0576 ============================================================
    19:32:29.0218 0576 Current date / time: 2012/04/30 19:32:29.0218
    19:32:29.0218 0576 SystemInfo:
    19:32:29.0218 0576
    19:32:29.0218 0576 OS Version: 5.1.2600 ServicePack: 3.0
    19:32:29.0218 0576 Product type: Workstation
    19:32:29.0218 0576 ComputerName: KNIGHTS-2EE6007
    19:32:29.0218 0576 UserName: Dr Michael Foster
    19:32:29.0218 0576 Windows directory: C:\WINDOWS
    19:32:29.0218 0576 System windows directory: C:\WINDOWS
    19:32:29.0218 0576 Processor architecture: Intel x86
    19:32:29.0218 0576 Number of processors: 4
    19:32:29.0218 0576 Page size: 0x1000
    19:32:29.0218 0576 Boot type: Normal boot
    19:32:29.0218 0576 ============================================================
    19:32:30.0765 0576 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    19:32:30.0765 0576 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    19:32:30.0765 0576 Drive \Device\Harddisk2\DR5 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'W'
    19:32:30.0812 0576 ============================================================
    19:32:30.0812 0576 \Device\Harddisk0\DR0:
    19:32:30.0812 0576 MBR partitions:
    19:32:30.0812 0576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
    19:32:30.0812 0576 \Device\Harddisk1\DR1:
    19:32:30.0812 0576 MBR partitions:
    19:32:30.0812 0576 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    19:32:30.0812 0576 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    19:32:30.0812 0576 \Device\Harddisk2\DR5:
    19:32:30.0812 0576 MBR partitions:
    19:32:30.0812 0576 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
    19:32:30.0812 0576 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
    19:32:30.0812 0576 ============================================================
    19:32:30.0859 0576 C: <-> \Device\Harddisk0\DR0\Partition0
    19:32:31.0265 0576 E: <-> \Device\Harddisk1\DR1\Partition0
    19:32:31.0312 0576 F: <-> \Device\Harddisk1\DR1\Partition1
    19:32:31.0328 0576 L: <-> \Device\Harddisk2\DR5\Partition0
    19:32:31.0343 0576 M: <-> \Device\Harddisk2\DR5\Partition1
    19:32:31.0343 0576 ============================================================
    19:32:31.0343 0576 Initialize success
    19:32:31.0343 0576 ============================================================
    19:55:10.0187 2636 ============================================================
    19:55:10.0187 2636 Scan started
    19:55:10.0187 2636 Mode: Manual; SigCheck; TDLFS;
    19:55:10.0187 2636 ============================================================
    19:55:11.0078 2636 !SASCORE - ok
    19:55:11.0171 2636 Abiosdsk - ok
    19:55:11.0171 2636 abp480n5 - ok
    19:55:11.0250 2636 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:55:11.0937 2636 ACPI - ok
    19:55:11.0984 2636 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:55:12.0078 2636 ACPIEC - ok
    19:55:12.0078 2636 adaptecstoragemanageragent - ok
    19:55:12.0171 2636 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    19:55:12.0187 2636 AdobeFlashPlayerUpdateSvc - ok
    19:55:12.0187 2636 adpu160m - ok
    19:55:12.0203 2636 adsexpb - ok
    19:55:12.0250 2636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:55:12.0359 2636 aec - ok
    19:55:12.0390 2636 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    19:55:12.0453 2636 AFD - ok
    19:55:12.0453 2636 Aha154x - ok
    19:55:12.0453 2636 aic78u2 - ok
    19:55:12.0453 2636 aic78xx - ok
    19:55:12.0453 2636 alcxsens - ok
    19:55:12.0515 2636 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    19:55:12.0609 2636 Alerter - ok
    19:55:12.0609 2636 alertservice - ok
    19:55:12.0625 2636 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    19:55:12.0671 2636 ALG - ok
    19:55:12.0671 2636 AliIde - ok
    19:55:12.0812 2636 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    19:55:12.0890 2636 Ambfilt - ok
    19:55:12.0937 2636 amdk7 - ok
    19:55:12.0937 2636 amsint - ok
    19:55:13.0078 2636 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:55:13.0078 2636 Apple Mobile Device - ok
    19:55:13.0109 2636 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    19:55:13.0171 2636 AppMgmt - ok
    19:55:13.0187 2636 ar5211 - ok
    19:55:13.0187 2636 arkbcfltr - ok
    19:55:13.0234 2636 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    19:55:13.0312 2636 Arp1394 - ok
    19:55:13.0312 2636 asc - ok
    19:55:13.0312 2636 asc3350p - ok
    19:55:13.0312 2636 asc3550 - ok
    19:55:13.0406 2636 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    19:55:13.0421 2636 aspnet_state - ok
    19:55:13.0453 2636 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:55:13.0531 2636 AsyncMac - ok
    19:55:13.0593 2636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:55:13.0687 2636 atapi - ok
    19:55:13.0703 2636 Atdisk - ok
    19:55:13.0703 2636 ATKGFNEXSrv - ok
    19:55:13.0703 2636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:55:13.0781 2636 Atmarpc - ok
    19:55:13.0843 2636 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    19:55:13.0921 2636 AudioSrv - ok
    19:55:13.0984 2636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:55:14.0078 2636 audstub - ok
    19:55:14.0390 2636 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    19:55:14.0625 2636 AVGIDSAgent - ok
    19:55:14.0734 2636 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    19:55:14.0750 2636 AVGIDSDriver - ok
    19:55:14.0750 2636 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    19:55:14.0765 2636 AVGIDSEH - ok
    19:55:14.0765 2636 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    19:55:14.0781 2636 AVGIDSFilter - ok
    19:55:14.0812 2636 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    19:55:14.0828 2636 AVGIDSShim - ok
    19:55:14.0906 2636 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    19:55:14.0921 2636 Avgldx86 - ok
    19:55:14.0921 2636 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    19:55:14.0921 2636 Avgmfx86 - ok
    19:55:14.0937 2636 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    19:55:14.0953 2636 Avgrkx86 - ok
    19:55:14.0968 2636 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    19:55:14.0984 2636 Avgtdix - ok
    19:55:15.0062 2636 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    19:55:15.0062 2636 avgwd - ok
    19:55:15.0078 2636 BANTExt - ok
    19:55:15.0125 2636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    19:55:15.0218 2636 Beep - ok
    19:55:15.0218 2636 belmonitorservice - ok
    19:55:15.0281 2636 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    19:55:15.0421 2636 BITS - ok
    19:55:15.0421 2636 BlackBox - ok
    19:55:15.0468 2636 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    19:55:15.0578 2636 Browser - ok
    19:55:15.0609 2636 BrUsbSer - ok
    19:55:15.0625 2636 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    19:55:15.0734 2636 BthEnum - ok
    19:55:15.0750 2636 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    19:55:15.0828 2636 BTHMODEM - ok
    19:55:15.0843 2636 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    19:55:15.0937 2636 BthPan - ok
    19:55:15.0984 2636 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
    19:55:16.0031 2636 BTHPORT - ok
    19:55:16.0078 2636 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
    19:55:16.0171 2636 BthServ - ok
    19:55:16.0171 2636 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    19:55:16.0250 2636 BTHUSB - ok
    19:55:16.0265 2636 C-Dilla - ok
    19:55:16.0500 2636 catchme - ok
    19:55:16.0531 2636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:55:16.0640 2636 cbidf2k - ok
    19:55:16.0640 2636 ccevtmgr - ok
    19:55:16.0640 2636 cd20xrnt - ok
    19:55:16.0640 2636 CdaD10BA - ok
    19:55:16.0671 2636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:55:16.0750 2636 Cdaudio - ok
    19:55:16.0781 2636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    19:55:16.0890 2636 Cdfs - ok
    19:55:16.0906 2636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:55:17.0015 2636 Cdrom - ok
    19:55:17.0062 2636 Changer (daf1a8193b6caf0fb858cadcc5c4af4a) C:\WINDOWS\system32\drivers\Changer.sys
    19:55:17.0156 2636 Changer - ok
    19:55:17.0203 2636 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    19:55:17.0281 2636 CiSvc - ok
    19:55:17.0343 2636 CLBStor (0252b4007a8f3a6cc61220cbe122544d) C:\WINDOWS\system32\drivers\CLBStor.sys
    19:55:17.0359 2636 CLBStor - ok
    19:55:17.0421 2636 CLBUDF (dc705765a170f7bd8af3632c93b03f0b) C:\WINDOWS\system32\drivers\CLBUDF.sys
    19:55:17.0437 2636 CLBUDF - ok
    19:55:17.0468 2636 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    19:55:17.0578 2636 ClipSrv - ok
    19:55:17.0671 2636 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:55:17.0687 2636 clr_optimization_v2.0.50727_32 - ok
    19:55:17.0687 2636 CmdIde - ok
    19:55:17.0687 2636 CoachUsb - ok
    19:55:17.0687 2636 commserver - ok
    19:55:17.0687 2636 COMSysApp - ok
    19:55:17.0703 2636 Cpqarray - ok
    19:55:17.0796 2636 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
    19:55:17.0796 2636 cpudrv - ok
    19:55:17.0828 2636 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    19:55:17.0906 2636 CryptSvc - ok
    19:55:17.0921 2636 cygserver - ok
    19:55:17.0921 2636 dac2w2k - ok
    19:55:17.0921 2636 dac960nt - ok
    19:55:17.0953 2636 DC21x4 - ok
    19:55:18.0015 2636 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    19:55:18.0109 2636 DcomLaunch - ok
    19:55:18.0171 2636 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    19:55:18.0265 2636 Dhcp - ok
    19:55:18.0312 2636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    19:55:18.0406 2636 Disk - ok
    19:55:18.0406 2636 dladresn - ok
    19:55:18.0406 2636 dlaopiom - ok
    19:55:18.0421 2636 dmadmin - ok
    19:55:18.0484 2636 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    19:55:18.0640 2636 dmboot - ok
    19:55:18.0671 2636 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    19:55:18.0765 2636 dmio - ok
    19:55:18.0796 2636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    19:55:18.0875 2636 dmload - ok
    19:55:18.0890 2636 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    19:55:18.0984 2636 dmserver - ok
    19:55:19.0000 2636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    19:55:19.0078 2636 DMusic - ok
    19:55:19.0125 2636 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    19:55:19.0171 2636 Dnscache - ok
    19:55:19.0218 2636 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    19:55:19.0328 2636 Dot3svc - ok
    19:55:19.0328 2636 dpti2o - ok
    19:55:19.0359 2636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    19:55:19.0437 2636 drmkaud - ok
    19:55:19.0453 2636 EACSvrMngr - ok
    19:55:19.0484 2636 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    19:55:19.0578 2636 EapHost - ok
    19:55:19.0593 2636 EL90X - ok
    19:55:19.0609 2636 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    19:55:19.0718 2636 ERSvc - ok
    19:55:19.0796 2636 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
    19:55:19.0812 2636 esgiguard - ok
    19:55:19.0812 2636 EU3_USB - ok
    19:55:19.0859 2636 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    19:55:19.0890 2636 Eventlog - ok
    19:55:19.0937 2636 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    19:55:19.0984 2636 EventSystem - ok
    19:55:20.0000 2636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    19:55:20.0109 2636 Fastfat - ok
    19:55:20.0156 2636 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:55:20.0203 2636 FastUserSwitchingCompatibility - ok
    19:55:20.0250 2636 FaxTalk FaxCenter Pro 8 (18ef9f53f127b8758b257117983df520) C:\Program Files\FaxTalk\FTmsgsvc.exe
    19:55:20.0265 2636 FaxTalk FaxCenter Pro 8 - ok
    19:55:20.0281 2636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    19:55:20.0375 2636 Fdc - ok
    19:55:20.0375 2636 FINEPIX_PCC - ok
    19:55:20.0406 2636 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:55:20.0500 2636 Fips - ok
    19:55:20.0515 2636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    19:55:20.0593 2636 Flpydisk - ok
    19:55:20.0625 2636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    19:55:20.0703 2636 FltMgr - ok
    19:55:20.0875 2636 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    19:55:20.0890 2636 FontCache3.0.0.0 - ok
    19:55:20.0890 2636 fsaa - ok
    19:55:20.0937 2636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:55:21.0046 2636 Fs_Rec - ok
    19:55:21.0093 2636 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:55:21.0203 2636 Ftdisk - ok
    19:55:21.0234 2636 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    19:55:21.0234 2636 GEARAspiWDM - ok
    19:55:21.0234 2636 getPlusHelper - ok
    19:55:21.0250 2636 giveio - ok
    19:55:21.0250 2636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:55:21.0359 2636 Gpc - ok
    19:55:21.0406 2636 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    19:55:21.0421 2636 gupdate - ok
    19:55:21.0421 2636 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    19:55:21.0437 2636 gupdatem - ok
    19:55:21.0437 2636 ham50 - ok
    19:55:21.0453 2636 hap16v2k - ok
    19:55:21.0531 2636 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    19:55:21.0625 2636 HDAudBus - ok
    19:55:21.0671 2636 helpsvc - ok
    19:55:21.0671 2636 HidServ - ok
    19:55:21.0718 2636 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    19:55:21.0812 2636 hkmsvc - ok
    19:55:21.0812 2636 hpn - ok
    19:55:21.0859 2636 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    19:55:21.0906 2636 HSFHWBS2 - ok
    19:55:21.0968 2636 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    19:55:22.0078 2636 HSF_DPV - ok
    19:55:22.0125 2636 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:55:22.0171 2636 HTTP - ok
    19:55:22.0203 2636 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    19:55:22.0296 2636 HTTPFilter - ok
    19:55:22.0359 2636 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    19:55:22.0437 2636 i2omgmt - ok
    19:55:22.0437 2636 i2omp - ok
    19:55:22.0484 2636 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    19:55:22.0578 2636 i8042prt - ok
    19:55:22.0578 2636 icdsptsv - ok
    19:55:22.0781 2636 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:55:22.0875 2636 idsvc - ok
    19:55:22.0937 2636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:55:23.0031 2636 Imapi - ok
    19:55:23.0078 2636 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    19:55:23.0171 2636 ImapiService - ok
    19:55:23.0187 2636 incdfs - ok
    19:55:23.0187 2636 ini910u - ok
    19:55:23.0187 2636 int15 - ok
    19:55:23.0468 2636 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    19:55:23.0671 2636 IntcAzAudAddService - ok
    19:55:23.0734 2636 IntelIde - ok
    19:55:23.0796 2636 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:55:23.0875 2636 intelppm - ok
    19:55:23.0890 2636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    19:55:24.0000 2636 Ip6Fw - ok
    19:55:24.0015 2636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:55:24.0109 2636 IpFilterDriver - ok
    19:55:24.0140 2636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:55:24.0234 2636 IpInIp - ok
    19:55:24.0265 2636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:55:24.0375 2636 IpNat - ok
    19:55:24.0484 2636 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
    19:55:24.0562 2636 iPod Service - ok
    19:55:24.0625 2636 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:55:24.0718 2636 IPSec - ok
    19:55:24.0750 2636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:55:24.0796 2636 IRENUM - ok
    19:55:24.0828 2636 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:55:24.0937 2636 isapnp - ok
    19:55:25.0031 2636 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
    19:55:25.0031 2636 JavaQuickStarterService - ok
    19:55:25.0093 2636 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:55:25.0171 2636 Kbdclass - ok
    19:55:25.0203 2636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:55:25.0281 2636 kmixer - ok
    19:55:25.0296 2636 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:55:25.0359 2636 KSecDD - ok
    19:55:25.0406 2636 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    19:55:25.0437 2636 lanmanserver - ok
    19:55:25.0468 2636 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    19:55:25.0500 2636 lanmanworkstation - ok
    19:55:25.0562 2636 lbrtfdc (cc50a66548c2f285bc8a7b0b8aa578e3) C:\WINDOWS\system32\drivers\lbrtfdc.sys
    19:55:25.0625 2636 lbrtfdc - ok
    19:55:25.0640 2636 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    19:55:25.0718 2636 LmHosts - ok
    19:55:25.0734 2636 LUsbFilt - ok
    19:55:25.0734 2636 lxrsge10s - ok
    19:55:25.0734 2636 mafwboot - ok
    19:55:25.0781 2636 MatSvc (0cf633a54c681c65297c63106c4bc376) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
    19:55:25.0843 2636 MatSvc - ok
    19:55:25.0875 2636 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
    19:55:25.0890 2636 MBAMProtector - ok
    19:55:25.0937 2636 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    19:55:25.0953 2636 MBAMService - ok
    19:55:26.0109 2636 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    19:55:26.0171 2636 McComponentHostService - ok
    19:55:26.0171 2636 mcdetect.exe - ok
    19:55:26.0203 2636 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    19:55:26.0218 2636 mdmxsdk - ok
    19:55:26.0250 2636 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    19:55:26.0343 2636 Messenger - ok
    19:55:26.0343 2636 mf - ok
    19:55:26.0359 2636 mindrepair - ok
    19:55:26.0390 2636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:55:26.0484 2636 mnmdd - ok
    19:55:26.0500 2636 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    19:55:26.0609 2636 mnmsrvc - ok
    19:55:26.0656 2636 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:55:26.0750 2636 Modem - ok
    19:55:26.0765 2636 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    19:55:26.0875 2636 MODEMCSA - ok
    19:55:26.0984 2636 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    19:55:27.0093 2636 Monfilt - ok
    19:55:27.0156 2636 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:55:27.0250 2636 Mouclass - ok
    19:55:27.0281 2636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:55:27.0375 2636 MountMgr - ok
    19:55:27.0375 2636 MR97310_USB_DUAL_CAMERA - ok
    19:55:27.0375 2636 mraid35x - ok
    19:55:27.0375 2636 MRV6X32P - ok
    19:55:27.0421 2636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:55:27.0515 2636 MRxDAV - ok
    19:55:27.0578 2636 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:55:27.0640 2636 MRxSmb - ok
    19:55:27.0640 2636 MSCamSvc - ok
    19:55:27.0671 2636 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    19:55:27.0781 2636 MSDTC - ok
    19:55:27.0796 2636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:55:27.0890 2636 Msfs - ok
    19:55:27.0890 2636 MSICPL - ok
    19:55:27.0890 2636 MSIServer - ok
    19:55:27.0890 2636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:55:27.0968 2636 MSKSSRV - ok
    19:55:27.0984 2636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:55:28.0046 2636 MSPCLOCK - ok
    19:55:28.0062 2636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:55:28.0140 2636 MSPQM - ok
    19:55:28.0187 2636 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:55:28.0281 2636 mssmbios - ok
    19:55:28.0328 2636 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:55:28.0375 2636 Mup - ok
    19:55:28.0375 2636 Mvc25U870_VID_1262&PID_25FD - ok
    19:55:28.0375 2636 n558 - ok
    19:55:28.0421 2636 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    19:55:28.0531 2636 napagent - ok
    19:55:28.0531 2636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:55:28.0625 2636 NDIS - ok
    19:55:28.0687 2636 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:55:28.0718 2636 NdisTapi - ok
    19:55:28.0718 2636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:55:28.0812 2636 Ndisuio - ok
    19:55:28.0812 2636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:55:28.0890 2636 NdisWan - ok
    19:55:28.0953 2636 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:55:28.0968 2636 NDProxy - ok
    19:55:28.0984 2636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:55:29.0078 2636 NetBIOS - ok
    19:55:29.0109 2636 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:55:29.0187 2636 NetBT - ok
    19:55:29.0250 2636 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    19:55:29.0328 2636 NetDDE - ok
    19:55:29.0328 2636 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    19:55:29.0406 2636 NetDDEdsdm - ok
    19:55:29.0437 2636 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:55:29.0515 2636 Netlogon - ok
    19:55:29.0578 2636 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    19:55:29.0656 2636 Netman - ok
    19:55:29.0828 2636 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:55:29.0843 2636 NetTcpPortSharing - ok
    19:55:29.0890 2636 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    19:55:29.0984 2636 NIC1394 - ok
    19:55:30.0031 2636 nicconfigsvc (9c454cd857b4c0ccf7a614b047616503) C:\WINDOWS\system32\SimpTcp.dll
    19:55:30.0109 2636 nicconfigsvc - ok
    19:55:30.0171 2636 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    19:55:30.0203 2636 Nla - ok
    19:55:30.0234 2636 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
    19:55:30.0375 2636 nmwcd - ok
    19:55:30.0437 2636 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
    19:55:30.0500 2636 nmwcdc - ok
    19:55:30.0562 2636 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
    19:55:30.0625 2636 nmwcdnsu - ok
    19:55:30.0687 2636 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
    19:55:30.0750 2636 nmwcdnsuc - ok
    19:55:30.0781 2636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:55:30.0875 2636 Npfs - ok
    19:55:30.0953 2636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:55:31.0046 2636 Ntfs - ok
    19:55:31.0046 2636 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:55:31.0140 2636 NtLmSsp - ok
    19:55:31.0171 2636 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    19:55:31.0281 2636 NtmsSvc - ok
    19:55:31.0328 2636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:55:31.0421 2636 Null - ok
    19:55:31.0750 2636 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    19:55:32.0125 2636 nv ( UnsignedFile.Multi.Generic ) - warning
    19:55:32.0125 2636 nv - detected UnsignedFile.Multi.Generic (1)
    19:55:32.0234 2636 NVSvc (df6fd57d6807ae459b3463fbfda02d49) C:\WINDOWS\system32\nvsvc32.exe
    19:55:32.0265 2636 NVSvc ( UnsignedFile.Multi.Generic ) - warning
    19:55:32.0265 2636 NVSvc - detected UnsignedFile.Multi.Generic (1)
    19:55:32.0265 2636 NWHOST - ok
    19:55:32.0296 2636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:55:32.0390 2636 NwlnkFlt - ok
    19:55:32.0390 2636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:55:32.0500 2636 NwlnkFwd - ok
    19:55:32.0531 2636 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    19:55:32.0625 2636 ohci1394 - ok
    19:55:32.0625 2636 omci - ok
    19:55:32.0750 2636 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:55:32.0765 2636 ose - ok
    19:55:32.0812 2636 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    19:55:32.0906 2636 Parport - ok
    19:55:32.0906 2636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:55:32.0984 2636 PartMgr - ok
    19:55:33.0015 2636 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:55:33.0125 2636 ParVdm - ok
    19:55:33.0171 2636 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    19:55:33.0218 2636 pccsmcfd - ok
    19:55:33.0265 2636 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:55:33.0359 2636 PCI - ok
    19:55:33.0359 2636 PCIDump - ok
    19:55:33.0375 2636 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:55:33.0468 2636 PCIIde - ok
    19:55:33.0515 2636 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:55:33.0593 2636 Pcmcia - ok
    19:55:33.0593 2636 pdlndldl - ok
    19:55:33.0593 2636 perc2 - ok
    19:55:33.0593 2636 perc2hib - ok
    19:55:33.0625 2636 pgpsdkservice - ok
    19:55:33.0625 2636 pktfilter - ok
    19:55:33.0687 2636 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    19:55:33.0703 2636 PlugPlay - ok
    19:55:33.0718 2636 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:55:33.0796 2636 PolicyAgent - ok
    19:55:33.0828 2636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:55:33.0937 2636 PptpMiniport - ok
    19:55:33.0937 2636 procexp100 - ok
    19:55:33.0937 2636 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:55:34.0015 2636 ProtectedStorage - ok
    19:55:34.0015 2636 protectionservice - ok
    19:55:34.0015 2636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:55:34.0093 2636 PSched - ok
    19:55:34.0125 2636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:55:34.0218 2636 Ptilink - ok
    19:55:34.0234 2636 ql1080 - ok
    19:55:34.0234 2636 Ql10wnt - ok
    19:55:34.0234 2636 ql12160 - ok
    19:55:34.0234 2636 ql1240 - ok
    19:55:34.0234 2636 ql1280 - ok
    19:55:34.0250 2636 ql2100 - ok
    19:55:34.0437 2636 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
    19:55:34.0453 2636 RapportCerberus_34302 - ok
    19:55:34.0500 2636 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
    19:55:34.0515 2636 RapportEI - ok
    19:55:34.0640 2636 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
    19:55:34.0640 2636 RapportIaso - ok
    19:55:34.0656 2636 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\WINDOWS\system32\Drivers\RapportKELL.sys
    19:55:34.0656 2636 RapportKELL - ok
    19:55:34.0734 2636 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    19:55:34.0765 2636 RapportMgmtService - ok
    19:55:34.0796 2636 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
    19:55:34.0812 2636 RapportPG - ok
    19:55:34.0812 2636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:55:34.0890 2636 RasAcd - ok
    19:55:34.0937 2636 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    19:55:35.0015 2636 RasAuto - ok
    19:55:35.0031 2636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:55:35.0109 2636 Rasl2tp - ok
    19:55:35.0171 2636 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    19:55:35.0250 2636 RasMan - ok
    19:55:35.0296 2636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:55:35.0390 2636 RasPppoe - ok
    19:55:35.0406 2636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:55:35.0500 2636 Raspti - ok
    19:55:35.0531 2636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:55:35.0609 2636 Rdbss - ok
    19:55:35.0609 2636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:55:35.0718 2636 RDPCDD - ok
    19:55:35.0750 2636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:55:35.0843 2636 rdpdr - ok
    19:55:35.0890 2636 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:55:35.0953 2636 RDPWD - ok
    19:55:35.0984 2636 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    19:55:36.0093 2636 RDSessMgr - ok
    19:55:36.0125 2636 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:55:36.0234 2636 redbook - ok
    19:55:36.0281 2636 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    19:55:36.0375 2636 RemoteAccess - ok
    19:55:36.0421 2636 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    19:55:36.0515 2636 RemoteRegistry - ok
    19:55:36.0531 2636 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    19:55:36.0625 2636 RFCOMM - ok
    19:55:36.0859 2636 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    19:55:36.0875 2636 RichVideo - ok
    19:55:36.0875 2636 roxmediadb - ok
    19:55:36.0890 2636 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    19:55:36.0968 2636 RpcLocator - ok
    19:55:37.0015 2636 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    19:55:37.0046 2636 RpcSs - ok
    19:55:37.0093 2636 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    19:55:37.0187 2636 RSVP - ok
    19:55:37.0234 2636 RTL8023xp (69ee1e8dc0c750a5d03739e6e9429959) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    19:55:37.0265 2636 RTL8023xp ( UnsignedFile.Multi.Generic ) - warning
    19:55:37.0265 2636 RTL8023xp - detected UnsignedFile.Multi.Generic (1)
    19:55:37.0296 2636 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    19:55:37.0375 2636 rtl8139 - ok
    19:55:37.0390 2636 SaiMini - ok
    19:55:37.0421 2636 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:55:37.0484 2636 SamSs - ok
    19:55:37.0593 2636 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    19:55:37.0593 2636 SASDIFSV - ok
    19:55:37.0609 2636 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    19:55:37.0625 2636 SASKUTIL - ok
    19:55:37.0640 2636 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    19:55:37.0750 2636 SCardSvr - ok
    19:55:37.0796 2636 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    19:55:37.0890 2636 Schedule - ok
    19:55:38.0000 2636 SdReadSpool (b9443470baae569d9a3fabbfeb35c4e7) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
    19:55:38.0015 2636 SdReadSpool - ok
    19:55:38.0046 2636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:55:38.0109 2636 Secdrv - ok
    19:55:38.0171 2636 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    19:55:38.0250 2636 seclogon - ok
    19:55:38.0265 2636 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    19:55:38.0328 2636 SENS - ok
    19:55:38.0390 2636 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    19:55:38.0468 2636 Serial - ok
    19:55:38.0562 2636 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    19:55:38.0578 2636 ServiceLayer - ok
    19:55:38.0593 2636 SfCtlCom - ok
    19:55:38.0656 2636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    19:55:38.0765 2636 Sfloppy - ok
    19:55:38.0765 2636 sfsync04 - ok
    19:55:38.0828 2636 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    19:55:38.0921 2636 SharedAccess - ok
    19:55:38.0968 2636 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:55:38.0968 2636 ShellHWDetection - ok
    19:55:38.0984 2636 Simbad - ok
    19:55:39.0000 2636 SiRemFil - ok
    19:55:39.0000 2636 smartwiservice - ok
    19:55:39.0015 2636 smservaz - ok
    19:55:39.0015 2636 softfax - ok
    19:55:39.0015 2636 Sparrow - ok
    19:55:39.0062 2636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:55:39.0140 2636 splitter - ok
    19:55:39.0171 2636 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    19:55:39.0203 2636 Spooler - ok
    19:55:39.0296 2636 SpyHunter 4 Service (63f2b52947577dbb075fe646bc758a2f) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    19:55:39.0359 2636 SpyHunter 4 Service - ok
    19:55:39.0375 2636 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:55:39.0437 2636 sr - ok
    19:55:39.0500 2636 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    19:55:39.0546 2636 srservice - ok
    19:55:39.0593 2636 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:55:39.0640 2636 Srv - ok
    19:55:39.0687 2636 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    19:55:39.0750 2636 SSDPSRV - ok
    19:55:39.0796 2636 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    19:55:39.0906 2636 stisvc - ok
    19:55:39.0937 2636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:55:40.0031 2636 swenum - ok
    19:55:40.0078 2636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:55:40.0171 2636 swmidi - ok
    19:55:40.0171 2636 SwPrv - ok
    19:55:40.0171 2636 symc810 - ok
    19:55:40.0171 2636 symc8xx - ok
    19:55:40.0203 2636 symdns - ok
    19:55:40.0203 2636 sym_hi - ok
    19:55:40.0203 2636 sym_u3 - ok
    19:55:40.0234 2636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:55:40.0312 2636 sysaudio - ok
    19:55:40.0343 2636 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    19:55:40.0437 2636 SysmonLog - ok
    19:55:40.0484 2636 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    19:55:40.0593 2636 TapiSrv - ok
    19:55:40.0656 2636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:55:40.0687 2636 Tcpip - ok
    19:55:40.0734 2636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:55:40.0828 2636 TDPIPE - ok
    19:55:40.0828 2636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:55:40.0937 2636 TDTCP - ok
    19:55:40.0953 2636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:55:41.0062 2636 TermDD - ok
    19:55:41.0093 2636 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    19:55:41.0171 2636 TermService - ok
    19:55:41.0234 2636 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:55:41.0234 2636 Themes - ok
    19:55:41.0281 2636 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    19:55:41.0328 2636 TlntSvr - ok
    19:55:41.0343 2636 TosIde - ok
    19:55:41.0406 2636 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    19:55:41.0484 2636 TrkWks - ok
    19:55:41.0484 2636 trlokom_rmhsvc - ok
    19:55:41.0500 2636 U2SP - ok
    19:55:41.0531 2636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:55:41.0625 2636 Udfs - ok
    19:55:41.0625 2636 ultra - ok
    19:55:41.0687 2636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:55:41.0781 2636 Update - ok
    19:55:41.0828 2636 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    19:55:41.0890 2636 upnphost - ok
    19:55:41.0937 2636 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
    19:55:42.0015 2636 upperdev - ok
    19:55:42.0062 2636 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    19:55:42.0156 2636 UPS - ok
    19:55:42.0156 2636 upsentry_smart - ok
    19:55:42.0156 2636 USB11LDR - ok
    19:55:42.0156 2636 USBAAPL - ok
    19:55:42.0218 2636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:55:42.0312 2636 usbehci - ok
    19:55:42.0359 2636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:55:42.0453 2636 usbhub - ok
    19:55:42.0484 2636 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:55:42.0546 2636 usbprint - ok
    19:55:42.0562 2636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:55:42.0656 2636 usbscan - ok
    19:55:42.0671 2636 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
    19:55:42.0750 2636 usbser - ok
    19:55:42.0765 2636 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
    19:55:42.0812 2636 UsbserFilt - ok
    19:55:42.0828 2636 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:55:42.0906 2636 USBSTOR - ok
    19:55:42.0968 2636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:55:43.0062 2636 usbuhci - ok
    19:55:43.0062 2636 USBVCD - ok
    19:55:43.0109 2636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:55:43.0203 2636 VgaSave - ok
    19:55:43.0203 2636 ViaIde - ok
    19:55:43.0218 2636 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:55:43.0296 2636 VolSnap - ok
    19:55:43.0296 2636 vrservice - ok
    19:55:43.0328 2636 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    19:55:43.0390 2636 VSS - ok
    19:55:43.0390 2636 w29n51 - ok
    19:55:43.0421 2636 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    19:55:43.0515 2636 W32Time - ok
    19:55:43.0546 2636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:55:43.0640 2636 Wanarp - ok
    19:55:43.0640 2636 wap3gx - ok
    19:55:43.0703 2636 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    19:55:43.0718 2636 Wdf01000 - ok
    19:55:43.0734 2636 WDICA - ok
    19:55:43.0750 2636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:55:43.0859 2636 wdmaud - ok
    19:55:43.0906 2636 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    19:55:44.0031 2636 WebClient - ok
    19:55:44.0078 2636 wfxsvc (be2157595c087207676ec716a6be4cce) C:\WINDOWS\system32\WFXSVC.EXE
    19:55:44.0078 2636 wfxsvc ( UnsignedFile.Multi.Generic ) - warning
    19:55:44.0078 2636 wfxsvc - detected UnsignedFile.Multi.Generic (1)
    19:55:44.0203 2636 winachsf (be3a842c2f2e87e7c840d36bcf13e8e0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    19:55:44.0281 2636 winachsf - ok
    19:55:44.0390 2636 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    19:55:44.0468 2636 winmgmt - ok
    19:55:44.0468 2636 winpowermanager - ok
    19:55:44.0578 2636 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
    19:55:44.0656 2636 WinRM - ok
    19:55:44.0687 2636 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    19:55:44.0734 2636 WmdmPmSN - ok
    19:55:44.0828 2636 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    19:55:44.0906 2636 Wmi - ok
    19:55:44.0937 2636 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    19:55:45.0062 2636 WmiApSrv - ok
    19:55:45.0234 2636 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    19:55:45.0343 2636 WMPNetworkSvc - ok
    19:55:45.0406 2636 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    19:55:45.0437 2636 WpdUsb - ok
    19:55:45.0484 2636 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:55:45.0578 2636 WS2IFSL - ok
    19:55:45.0687 2636 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    19:55:45.0765 2636 wscsvc - ok
    19:55:45.0812 2636 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    19:55:45.0890 2636 wuauserv - ok
    19:55:45.0937 2636 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:55:45.0984 2636 WudfPf - ok
    19:55:46.0015 2636 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:55:46.0046 2636 WudfRd - ok
    19:55:46.0093 2636 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
    19:55:46.0109 2636 WudfSvc - ok
    19:55:46.0187 2636 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    19:55:46.0312 2636 WZCSVC - ok
    19:55:46.0343 2636 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    19:55:46.0468 2636 xmlprov - ok
    19:55:46.0578 2636 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
    19:55:46.0593 2636 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
    19:55:46.0625 2636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    19:55:46.0812 2636 \Device\Harddisk0\DR0 - ok
    19:55:46.0812 2636 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    19:55:47.0296 2636 \Device\Harddisk1\DR1 - ok
    19:55:47.0296 2636 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR5
    19:55:47.0437 2636 \Device\Harddisk2\DR5 - ok
    19:55:47.0453 2636 Boot (0x1200) (de17a28ffae56733026be20e47e5fe8c) \Device\Harddisk0\DR0\Partition0
    19:55:47.0453 2636 \Device\Harddisk0\DR0\Partition0 - ok
    19:55:47.0453 2636 Boot (0x1200) (ab81bc14f7e65a74e1d70e016623b088) \Device\Harddisk1\DR1\Partition0
    19:55:47.0453 2636 \Device\Harddisk1\DR1\Partition0 - ok
    19:55:47.0453 2636 Boot (0x1200) (f0463477c940dfacd8991233674ec997) \Device\Harddisk1\DR1\Partition1
    19:55:47.0453 2636 \Device\Harddisk1\DR1\Partition1 - ok
    19:55:47.0453 2636 Boot (0x1200) (eeec5da32dfa12e1263fca298252a021) \Device\Harddisk2\DR5\Partition0
    19:55:47.0453 2636 \Device\Harddisk2\DR5\Partition0 - ok
    19:55:47.0468 2636 Boot (0x1200) (8cbb6491629c9a350163059652938fd4) \Device\Harddisk2\DR5\Partition1
    19:55:47.0484 2636 \Device\Harddisk2\DR5\Partition1 - ok
    19:55:47.0484 2636 ============================================================
    19:55:47.0484 2636 Scan finished
    19:55:47.0484 2636 ============================================================
    19:55:47.0578 2552 Detected object count: 4
    19:55:47.0578 2552 Actual detected object count: 4
    19:56:03.0953 2552 nv ( UnsignedFile.Multi.Generic ) - skipped by user
    19:56:03.0953 2552 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:56:03.0953 2552 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
    19:56:03.0953 2552 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:56:03.0953 2552 RTL8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
    19:56:03.0953 2552 RTL8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:56:03.0953 2552 wfxsvc ( UnsignedFile.Multi.Generic ) - skipped by user
    19:56:03.0953 2552 wfxsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
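
What a reader wants out of the TDSSKiller log above is three things: which objects were flagged, whether the verdict is a signature hit or only the generic unsigned-file heuristic, and what the operator did about each one. The script below is an added example written for this thread; it is not TDSSKiller's code and not from the original post. It parses a constructed excerpt of the log (a handful of lines copied from the post, with the summary count adjusted to match the excerpt) and triages the results. Treating every verdict outside the UnsignedFile.* family as signature-based is this example's simplification, not something the log states.

```python
"""Triage a TDSSKiller log: flagged objects, verdict class, operator action.

Added example for this thread, not TDSSKiller code.  SAMPLE_LOG is a constructed
excerpt (lines copied from the posted log, summary count adjusted to match).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One TDSSKiller line: timestamp, thread id, message.
LINE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*?)\s*$")
# "Name (md5) Path": an object the scanner opened and hashed.
OBJ = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Name ( Verdict ) - User select action: Skip": what the operator chose.
ACT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
# "Name ( Verdict ) - warning" and "Name ( Verdict ) - skipped by user".
VERD = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$")
# "Name - detected Verdict (1)".
DET = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "Name - ok"; for MBR/boot-sector scans the "name" is the device path.
OK = re.compile(r"^(?P<name>.+?) - ok$")
# Summary line written after "Scan finished".
COUNT = re.compile(r"^Detected object count: (\d+)$")

# TDSSKiller's generic "file is not digitally signed" verdicts.  Treating every
# other verdict as a signature hit is this example's simplification.
HEURISTIC_PREFIX = "UnsignedFile."


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"   # ok | warning | detected
    verdict: str = ""
    action: str = ""          # Skip, Cure, Delete ... as chosen by the operator


def parse_tdsskiller(text: str) -> tuple[dict[str, Entry], int]:
    """Return (entries keyed by service name or device path, reported detection count)."""
    entries: dict[str, Entry] = {}
    reported = -1

    def get(key: str, name: str | None = None) -> Entry:
        return entries.setdefault(key, Entry(name or key))

    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group(1)
        if o := OBJ.match(msg):
            # Disk objects are logged as "MBR (0x1B8) (md5) \Device\..." and their
            # result line names the device, so key those by path.
            key = o["path"] if o["path"].startswith("\\Device\\") else o["name"]
            e = get(key, o["name"])
            e.md5, e.path = o["md5"], o["path"]
        elif a := ACT.match(msg):
            e = get(a["name"])
            e.verdict, e.action = a["verdict"], a["action"]
        elif d := DET.match(msg):
            e = get(d["name"])
            e.verdict, e.status = d["verdict"], "detected"
        elif v := VERD.match(msg):
            e = get(v["name"])
            e.verdict = v["verdict"]
            if v["status"] == "warning" and e.status != "detected":
                e.status = "warning"
        elif k := OK.match(msg):
            get(k["name"]).status = "ok"
        elif c := COUNT.match(msg):
            reported = int(c.group(1))
    return entries, reported


def triage(entries: dict[str, Entry]) -> dict[str, list[Entry]]:
    """Split flagged objects into heuristic warnings, signature hits, and objects
    the operator left in place (action Skip, or no action recorded at all)."""
    flagged = [e for e in entries.values() if e.status in ("warning", "detected")]
    return {
        "heuristic": [e for e in flagged if e.verdict.startswith(HEURISTIC_PREFIX)],
        "signature": [e for e in flagged if not e.verdict.startswith(HEURISTIC_PREFIX)],
        "unresolved": [e for e in flagged if e.action in ("", "Skip")],
    }


def detection_count_matches(entries: dict[str, Entry], reported: int) -> bool:
    """Cross-check the per-object lines against the scanner's own summary count."""
    return sum(e.status == "detected" for e in entries.values()) == reported


# Constructed excerpt: lines copied from the posted log, count adjusted to match.
SAMPLE_LOG = r"""
19:55:30.0781 2636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:55:30.0875 2636 Npfs - ok
19:55:31.0750 2636 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:55:32.0125 2636 nv ( UnsignedFile.Multi.Generic ) - warning
19:55:32.0125 2636 nv - detected UnsignedFile.Multi.Generic (1)
19:55:32.0265 2636 NWHOST - ok
19:55:46.0625 2636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:55:46.0812 2636 \Device\Harddisk0\DR0 - ok
19:55:46.0812 2636 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:55:47.0296 2636 \Device\Harddisk1\DR1 - ok
19:55:47.0484 2636 Scan finished
19:55:47.0578 2552 Detected object count: 1
19:56:03.0953 2552 nv ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:03.0953 2552 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    entries, reported = parse_tdsskiller(SAMPLE_LOG)
    print("summary count consistent:", detection_count_matches(entries, reported))
    for bucket, items in triage(entries).items():
        for e in items:
            print(f"{bucket:10} {e.name:12} {e.verdict:28} {e.action or '-':5} {e.path}")
```

Run against the complete log in the post above it gives four heuristic warnings (nv, NVSvc, RTL8023xp, wfxsvc), no signature verdicts, and four unresolved objects: nothing in this run was identified as malware and nothing was changed, which is consistent with the helper's remark that the infection is not showing in the logs.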

  5. #75
    Member
    Join Date
    Apr 2012
    Posts
    66

    aswMBR Scan

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-30 19:58:44
    -----------------------------
    19:58:44.687 OS Version: Windows 5.1.2600 Service Pack 3
    19:58:44.687 Number of processors: 4 586 0xF0B
    19:58:44.687 ComputerName: KNIGHTS-2EE6007 UserName:
    19:58:45.515 Initialize success
    20:00:41.296 AVAST engine defs: 12043001
    20:01:26.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    20:01:26.453 Disk 0 Vendor: WDC_WD2500JS-55NCB1 10.02E01 Size: 238475MB BusType: 3
    20:01:26.453 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    20:01:26.453 Disk 1 Vendor: WDC_WD10EARS-00MVWB0 51.0AB51 Size: 953869MB BusType: 3
    20:01:26.468 Disk 0 MBR read successfully
    20:01:26.468 Disk 0 MBR scan
    20:01:26.500 Disk 0 Windows XP default MBR code
    20:01:26.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
    20:01:26.500 Disk 0 scanning sectors +488376000
    20:01:26.609 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:01:37.171 Service scanning
    20:01:59.812 Modules scanning
    20:02:06.546 Disk 0 trace - called modules:
    20:02:06.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS BlackBox.SYS
    20:02:06.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeadab8]
    20:02:06.578 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000077[0x8aeb8030]
    20:02:06.578 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8aee6d98]
    20:02:08.531 AVAST engine scan C:\WINDOWS
    20:02:16.421 AVAST engine scan C:\WINDOWS\system32
    20:04:53.484 AVAST engine scan C:\WINDOWS\system32\drivers
    20:05:10.500 AVAST engine scan C:\Documents and Settings\Dr Michael Foster
    20:06:31.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dr Michael Foster\Desktop\MBR.dat"
    20:06:31.843 The log file has been saved successfully to "C:\Documents and Settings\Dr Michael Foster\Desktop\aswMBR.txt"
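
aswMBR saved the boot sector it read to MBR.dat, and between them aswMBR and TDSSKiller described the disk in terms a script can cross-check: one active NTFS partition at offset 63 of 238464 MB, and an MD5 over the first 0x1B8 bytes of the sector. The example below is added for this thread and is not aswMBR or TDSSKiller code. It decodes a 512-byte MBR image, hashes the 0x1B8-byte bootstrap region and compares the partition table with the figures aswMBR printed. It assumes MBR.dat is the raw 512-byte sector, and reading the "MBR (0x1B8)" label in the TDSSKiller log as an MD5 over the first 440 bytes (the bootstrap code, which ends where the disk signature begins) is an assumption rather than something either log states. The image it runs on is constructed, not the poster's disk; on the real MBR.dat the bootcode hash can be compared with the value TDSSKiller printed for \Device\Harddisk0\DR0.

```python
"""Decode and cross-check a 512-byte MBR image (for example aswMBR's MBR.dat).

Added example for this thread, not aswMBR or TDSSKiller code.  The sample image
is constructed here; the partition figures in it are the ones aswMBR printed.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 0x1B8      # bootstrap code, bytes 0..439 (assumed to be what
                          # TDSSKiller's "MBR (0x1B8)" MD5 covers)
DISK_SIG_OFF = 0x1B8      # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # 55 AA
NTFS = 0x07
# The stock Microsoft MBR carries these messages in its bootstrap code.
MS_STRINGS = (b"Invalid partition table", b"Error loading operating system",
              b"Missing operating system")


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def boot_signature_ok(image: bytes) -> bool:
    return len(image) == SECTOR and image[BOOT_SIG_OFF:] == b"\x55\xAA"


def parse_mbr(image: bytes) -> dict:
    """Return bootcode hash, disk signature and the non-empty partition entries."""
    if not boot_signature_ok(image):
        raise ValueError("not a 512-byte sector ending in 55 AA")
    parts = []
    for i in range(4):
        # status(1) CHS(3) type(1) CHS(3) start LBA(4) sector count(4)
        status, type_id, start, count = struct.unpack_from(
            "<B3xB3xII", image, PART_TABLE_OFF + 16 * i)
        if type_id != 0:
            parts.append(Partition(i + 1, status == 0x80, type_id, start, count))
    return {
        "bootcode_md5": hashlib.md5(image[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", image, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def matches_aswmbr(info: dict, start_lba: int = 63, size_mb: int = 238464,
                   type_id: int = NTFS) -> bool:
    """Compare the decoded table with aswMBR's line
    'Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63':
    exactly one active partition, of that type, start and size."""
    active = [p for p in info["partitions"] if p.bootable]
    return (len(active) == 1 and active[0].type_id == type_id
            and active[0].start_lba == start_lba and active[0].size_mb == size_mb)


def same_bootcode_as(info: dict, md5_hex: str) -> bool:
    """True when the 0x1B8-byte hash equals the one another tool reported."""
    return info["bootcode_md5"] == md5_hex.lower()


def has_ms_error_strings(image: bytes) -> bool:
    """Weak heuristic only: a bootkit can keep the strings while replacing the
    code, so prefer a hash comparison against a known-good MBR when one exists."""
    code = image[:BOOTCODE_LEN]
    return all(s in code for s in MS_STRINGS)


def build_sample_mbr() -> bytes:
    """Constructed image: placeholder bootcode containing the MS strings, an
    arbitrary disk signature, one active NTFS partition at LBA 63 of 238464 MB."""
    code = bytearray(BOOTCODE_LEN)
    msgs = b"\0".join(MS_STRINGS) + b"\0"
    code[0x160:0x160 + len(msgs)] = msgs              # position is arbitrary
    sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry = struct.pack("<B3xB3xII", 0x80, NTFS, 63, 238464 * 2048)
    return bytes(code) + sig + entry + bytes(16 * 3) + b"\x55\xAA"


if __name__ == "__main__":
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print("bootcode md5:", info["bootcode_md5"])
    for p in info["partitions"]:
        print(f"partition {p.index}: active={p.bootable} type=0x{p.type_id:02X} "
              f"start={p.start_lba} size={p.size_mb} MB")
    print("matches aswMBR:", matches_aswmbr(info),
          "MS strings present:", has_ms_error_strings(mbr))
```

To check the real file, replace build_sample_mbr() with open("MBR.dat", "rb").read() and pass the Harddisk0 hash from the TDSSKiller log to same_bootcode_as(); the string heuristic is only a quick sanity check and says nothing about what a modified bootloader would actually do.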

  6. #76
    Member
    Join Date
    Apr 2012
    Posts
    66

    Rootkit Unhooker Scan Report

    This one ends with a warning of a possible rootkit.

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #4
    ==============================================
    >SSDT State
    ==============================================
    ntkrnlpa.exe-->NtAssignProcessToJobObject, Type: Address change 0x805D6642-->B594D086 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x805790A8-->B594DBE4 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805D1018-->B5B915E0 [C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys]
    ntkrnlpa.exe-->NtDeleteFile, Type: Address change 0x80576C50-->B594DDDC [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x8062458C-->B59515B2 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x8062475C-->B59515E4 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtLoadKey, Type: Address change 0x80626314-->B5951746 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtOpenFile, Type: Address change 0x8057A1A6-->B594DCFC [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB440-->B5017F3C [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
    ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805CB6CC-->B594D3F0 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x805B841E-->B594D522 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80622314-->B59516BC [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x80623B12-->B5951626 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtReplaceKey, Type: Address change 0x806261C4-->B5951658 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x80625AD0-->B595168A [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x805D173A-->B594D02C [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtSetInformationFile, Type: Address change 0x8057B034-->B594DE82 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80622662-->B595154A [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x805D48F4-->B594CFC6 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29E2-->B5017FE4 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
    ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D2BDC-->B5018080 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
    ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B43CC-->B501811C [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
    ==============================================
    >Shadow
    ==============================================
    win32k.sys-->NtGdiAlphaBlend, Type: Address change 0xBF831475-->B5953E54 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtGdiBitBlt, Type: Address change 0xBF8098F2-->B5953CB4 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtGdiGetPixel, Type: Address change 0xBF8649A1-->B5953D02 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtGdiMaskBlt, Type: Address change 0xBF828A2A-->B5953D8E [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtGdiPlgBlt, Type: Address change 0xBF946632-->B5953DDC [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtGdiStretchBlt, Type: Address change 0xBF89454D-->B5953D34 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtGdiTransparentBlt, Type: Address change 0xBF895025-->B5953E18 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtUserFindWindowEx, Type: Address change 0xBF85BDAF-->B594E2DE [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF89C3CB-->B501843A [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
    win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF85BC6A-->B50183A6 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
    win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF81C550-->B50183E6 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
    win32k.sys-->NtUserPrintWindow, Type: Address change 0xBF891A5E-->B5953E90 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtUserQueryWindow, Type: Address change 0xBF80A0E2-->B594E252 [C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys]
    win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF85F5D2-->B5018338 [C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys]
    ==============================================
    >Processes
    ==============================================
    0x8AF36830 [4] System
    0x8A56A5B0 [128] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
    0x8A583DA0 [288] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A588BC0 [320] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
    0x8A5905B8 [492] C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
    0x8A31E7C0 [536] C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia, ServiceLayer Module)
    0x8A55EBC0 [544] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A54EDA0 [672] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
    0x8A87D9E0 [692] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
    0x8A52E800 [1012] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation, Malwarebytes Anti-Malware)
    0x8A7B6DA0 [1020] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
    0x8A7B6B20 [1056] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
    0x8A707DA0 [1112] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
    0x8A110DA0 [1116] C:\Program Files\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o., AVG User Interface)
    0x8A74F5A8 [1124] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
    0x8A15EB98 [1364] C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia, Microsoft Bluetooth Media Server)
    0x8A6EDB18 [1396] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A663020 [1468] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A64C9E0 [1512] C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd., RapportMgmtService)
    0x8A4FF9E0 [1556] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 158.27)
    0x8A97C470 [1580] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A998020 [1624] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A500B28 [1700] C:\Program Files\CyberLink\Shared Files\RichVideo.exe (-, RichVideo Module)
    0x8A4D6458 [1824] C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe (Solid Documents, LLC, Solid Spool Service)
    0x8A5D8818 [1872] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A5B5DA0 [1904] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A575BC0 [1996] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A4B13D8 [2064] C:\WINDOWS\system32\WFXSVC.EXE (Symantec Corporation, Symantec WinFax PRO NT Service)
    0x8A4AFAF0 [2104] C:\Program Files\winfax\WFXMOD32.EXE (Symantec Corporation, WinFax Pro Serial Modem Driver)
    0x8A4E5BC0 [2132] C:\WINDOWS\system32\WFXSNT40.EXE (Microsoft Corporation, Delrina Fax Port Launcher)
    0x8A492740 [2256] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp., Realtek HD Audio Control Panel)
    0x8A6F5948 [2500] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
    0x8A4869E0 [2568] C:\Program Files\FaxTalk\FTmsgsvc.exe (Thought Communications, Inc., FaxTalk Service Module)
    0x8A435DA0 [2648] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
    0x8A14E020 [2680] C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation, Microsoft Office Word)
    0x8A472A10 [2752] C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc., OCR Aware)
    0x8A58FBD8 [2768] C:\Program Files\FaxTalk\FTclctrl.exe (Thought Communications, Inc., FaxTalk CallControl)
    0x8A404B30 [2872] C:\Program Files\FaxTalk\fapiexe.exe (Thought Communications, Inc., FaxTalk FAPI Module)
    0x8A420BD8 [2880] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp., PowerDVD RC Service)
    0x8A418BD0 [2984] C:\Documents and Settings\Dr Michael Foster\Desktop\Malware Tools\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
    0x8A3DA9E8 [3196] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
    0x8A3E6320 [3248] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
    0x8A36E5C0 [3312] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia, Nokia Launch Application)
    0x8AC63C18 [3476] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
    0x8A465410 [3700] C:\WINDOWS\system32\WudfHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
    0x8A3549F0 [3868] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
    0x8A39C5B8 [3916] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
    0x8A2369A0 [3932] C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation, Microsoft Office Outlook)
    ==============================================
    >Drivers
    ==============================================
    0xB96F9000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6742016 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 158.27 )
    0xB5BEF000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6168576 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5423104 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 158.27 )
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1863680 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB952A000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xB9477000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xB9E1E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB58DC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB93C1000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB5A76000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB4D17000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBF53E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB5A09000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0xB5B0A000 C:\WINDOWS\System32\Drivers\bthport.sys 274432 bytes (Microsoft Corporation, Bluetooth Bus Driver)
    0xB963F000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 270336 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
    0xB46C6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB58A5000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 225280 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0xB5B6D000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys 221184 bytes
    0xB941F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB4F12000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB9DF1000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB4015000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB5972000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB9699000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB59E1000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB5355000 C:\WINDOWS\System32\Drivers\CLBUDF.SYS 159744 bytes (CyberLink Corporation., UDF File System Driver )
    0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB5A50000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB594C000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 155648 bytes (Trusteer Ltd., RapportPG)
    0xB5331000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB5BCB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB96C1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB961C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB59BF000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB599D000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0xB40E0000 C:\WINDOWS\system32\DRIVERS\wudfrd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB4AEF000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
    0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB9DD7000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB588C000 C:\WINDOWS\system32\DRIVERS\bthpan.sys 102400 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
    0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB56BC000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB9681000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 98304 bytes (Realtek Semiconductor Corporation, Realtek 10/100/1000 NDIS 5.1 Driver)
    0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB9460000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB9EAB000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xB4ED5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB96E5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB5ACF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB944F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB5320000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
    0xBA2D8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBA178000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xBA278000 C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 65536 bytes (Trusteer Ltd., RapportEI)
    0xBA228000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBA188000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xBA2A8000 C:\WINDOWS\system32\DRIVERS\rfcomm.sys 61440 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
    0xB586C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xBA208000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xBA248000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 53248 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBA158000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xBA198000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xBA118000 RapportKELL.sys 49152 bytes (Trusteer Ltd., RapportKE)
    0xBA1B8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xBA288000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xBA168000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA1A8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA2B8000 C:\WINDOWS\system32\DRIVERS\bthmodem.sys 40960 bytes (Microsoft Corporation, Bluetooth Communications Driver)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xBA1E8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA1D8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB40B0000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xBA148000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xBA1C8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xBA268000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xBA258000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA488000 C:\DOCUME~1\DRMICH~1\LOCALS~1\Temp\catchme.sys 32768 bytes
    0xBA3A8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xBA4A0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBA390000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
    0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBA380000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xBA3D8000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xBA3C0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBA3B8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xBA398000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0xBA388000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xBA478000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBA3B0000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
    0xBA3D0000 C:\WINDOWS\system32\DRIVERS\BthEnum.sys 20480 bytes (Microsoft Corporation, Bluetooth Bus Extender)
    0xBA480000 C:\WINDOWS\System32\Drivers\BTHUSB.sys 20480 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
    0xBA490000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA408000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA418000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA3F8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA410000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB452B000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
    0xBA4BC000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
    0xB54AC000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes Anti-Malware)
    0xB4D9F000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0xB9DAF000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xBA59C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB518C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB5017000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xBA56C000 C:\WINDOWS\System32\Drivers\CLBStor.SYS 12288 bytes (Cyberlink Co.,Ltd., Cyberlink Storage Helper Driver (WindowsNT5.x))
    0xB5750000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xBA578000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB93A9000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB61D5000 C:\WINDOWS\system32\DRIVERS\sfloppy.sys 12288 bytes (Microsoft Corporation, SCSI Floppy Driver)
    0xB61F5000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xBA5EC000 C:\Program Files\CyberLink\PowerDVD\000.fcl 8192 bytes (Cyberlink Corp., FCL Driver)
    0xBA5CE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBA5E8000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xBA5CA000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5C2000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA5D2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA622000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
    0xBA5D6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5B6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA5BE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA7AF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA70C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA6BE000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    ==============================================
    >Files
    ==============================================
    !-->[Hidden] C:\System Volume Information\_restore{478AB6F6-415F-4FEB-AA31-13E8A304D821}\RP9\A0004951.data
    !-->[Hidden] C:\System Volume Information\_restore{478AB6F6-415F-4FEB-AA31-13E8A304D821}\RP9\A0004952.data
    !-->[Hidden] C:\System Volume Information\_restore{478AB6F6-415F-4FEB-AA31-13E8A304D821}\RP9\A0004953.ini
    ==============================================
    >Hooks
    ==============================================
    ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
    [1512]RapportMgmtService.exe-->kernel32.dll+0x00001BB9, Type: Code Mismatch 0x7C801BB9 + 7097 [43 E4 25 F5]
    [1512]RapportMgmtService.exe-->ntdll.dll-->KiUserApcDispatcher, Type: Inline - RelativeJump 0x7C90E450-->00414DA0 [RapportMgmtService.exe]
    [1512]RapportMgmtService.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x71AB2A6F-->71A00022 [unknown_code_page]
    [1512]RapportMgmtService.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x71AB5355-->71A90022 [unknown_code_page]
    [320]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
    [320]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
    [320]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
    [320]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
    [320]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
    [320]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
    [320]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
    [320]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
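
The part of the Rootkit Unhooker output above that a responder actually reads is the ">Hooks" section, and it is easy to lose the handful of entries that matter among the ones that are expected on any XP box. The script below is an added example for this thread, not part of RKU or of any post in it: it parses hook lines in exactly the format RKU printed (optional [pid] prefix, the "-->" module chain, the hook type, the source and target addresses, and the owning module in square brackets) and ranks them so the entries worth a closer look come first. The ranking rules are this example's own heuristics, for instance treating IAT patches of GetProcAddress owned by shimeng.dll as the Windows application-compatibility shim engine, and a process hooking its own image (as RapportMgmtService.exe does with ntdll) as lower priority than a jump into "unknown_code_page"; they are not verdicts from RKU or from the helper in the thread. The sample input is a constructed copy of six hook lines from the report above.

```python
"""Triage helper for the '>Hooks' section of a Rootkit Unhooker (RKU) report.

Added example; not part of RKU or of the thread.  Severity rules are this
example's own heuristics, not RKU verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shape of one RKU hook line (the [pid] prefix is absent for kernel-mode hooks):
#   [320]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
#   ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
#   [1512]RapportMgmtService.exe-->kernel32.dll+0x00001BB9, Type: Code Mismatch 0x7C801BB9 + 7097 [43 E4 25 F5]
HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\])?"
    r"(?P<chain>.+?), Type: "
    r"(?P<kind>Inline - RelativeJump|IAT modification|Code Mismatch)\s+"
    r"0x(?P<src>[0-9A-Fa-f]+)"
    r"(?:-->(?P<dst>[0-9A-Fa-f]+)|\s*\+\s*(?P<length>\d+))\s+"
    r"\[(?P<owner>[^\]]+)\]\s*$"
)

# shimeng.dll is the Windows application-compatibility shim engine; it patches
# GetProcAddress in the IAT of shimmed processes, which RKU reports as a hook.
APPCOMPAT_SHIM = "shimeng.dll"
SEVERITY_ORDER = {"review": 0, "low": 1, "info": 2}


@dataclass
class Hook:
    pid: Optional[int]        # None for kernel-mode hooks
    process: Optional[str]    # image name of the hooked process, if any
    chain: List[str]          # module/function path as RKU printed it
    kind: str                 # RKU hook type
    src: int                  # hooked address
    dst: Optional[int]        # jump/IAT target; None for Code Mismatch
    length: Optional[int]     # mismatched byte count; Code Mismatch only
    owner: str                # module RKU attributes the hook to (or the bytes seen)
    severity: str = "info"
    reason: str = ""


def parse_hook(line: str) -> Optional[Hook]:
    """Parse one RKU hook line; return None for lines that are not hooks."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    chain = m["chain"].split("-->")
    pid = int(m["pid"]) if m["pid"] else None
    return Hook(pid=pid, process=chain[0] if pid is not None else None,
                chain=chain, kind=m["kind"], src=int(m["src"], 16),
                dst=int(m["dst"], 16) if m["dst"] else None,
                length=int(m["length"]) if m["length"] else None,
                owner=m["owner"])


def classify(hook: Hook) -> Hook:
    """Assign a severity (this example's heuristic, not RKU's) and a reason."""
    if hook.kind == "IAT modification" and hook.owner.lower() == APPCOMPAT_SHIM:
        hook.severity, hook.reason = "info", "IAT patched by the Windows app-compat shim engine"
    elif hook.kind == "Code Mismatch":
        hook.severity, hook.reason = "review", "in-memory code differs from the on-disk image"
    elif hook.owner == "unknown_code_page":
        hook.severity, hook.reason = "review", "jump lands in memory not backed by a named module"
    elif hook.pid is None:
        hook.severity, hook.reason = "review", "kernel-mode inline hook"
    elif hook.owner == hook.process:
        hook.severity, hook.reason = "low", f"{hook.process} hooks its own process"
    else:
        hook.severity, hook.reason = "review", f"hook code attributed to {hook.owner}"
    return hook


def triage(report: str) -> List[Hook]:
    """Parse every hook line in the report; most suspicious entries first."""
    hooks = [classify(h) for h in map(parse_hook, report.splitlines()) if h]
    return sorted(hooks, key=lambda h: SEVERITY_ORDER[h.severity])


def summarize(hooks: List[Hook]) -> Dict[str, int]:
    return dict(Counter(h.severity for h in hooks))


# Constructed sample: six hook lines copied from the RKU report in the thread.
SAMPLE_HOOKS = """\
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[1512]RapportMgmtService.exe-->kernel32.dll+0x00001BB9, Type: Code Mismatch 0x7C801BB9 + 7097 [43 E4 25 F5]
[1512]RapportMgmtService.exe-->ntdll.dll-->KiUserApcDispatcher, Type: Inline - RelativeJump 0x7C90E450-->00414DA0 [RapportMgmtService.exe]
[1512]RapportMgmtService.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x71AB2A6F-->71A00022 [unknown_code_page]
[320]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[320]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
"""

if __name__ == "__main__":
    for h in triage(SAMPLE_HOOKS):
        where = f"pid {h.pid} {h.process}" if h.pid is not None else "kernel"
        print(f"{h.severity:6}  {where:32}  {h.chain[-1]:28}  {h.kind:20}  {h.reason}")
```

Run stand-alone it prints the six sample hooks with the three "review" entries (the kernel inline hook, the Code Mismatch in kernel32, and the ws2_32 jump into an unnamed code page) at the top and the shim-engine IAT entries at the bottom. The "low" and "info" labels only mean "explained by something already on the box"; a responder still confirms that the owning module is the signed file it claims to be before dismissing an entry.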

  7. #77
    Member
    Join Date
    Apr 2012
    Posts
    66

    Default The last report

    On the last report (Rootkit Unhooker) I set it going - was able to begin my work for tomorrow, have dinner, come back and read your reply, as I sent my note (which crossed yours) and still waited another 30 mins, but I hope it yielded some useful info - as a novice I cannot make head nor tail of it!

    Again thanks for your patience and time - much appreciated. Although I am beginning to think it may be time to copy all my data to the second hard drive (I also have a third hard drive hooked up and completely empty) AND wipe the drive and reinstall XP! However, if the Trojan can be detected it may be helpful in terms of learning how to solve this particular variant.

    I was using Google Images as a fast way of identifying items to purchase. I clicked on one, and a fraud spyware scanner popped up - I went to kill it using the Task Manager to discover it was disabled. I even downloaded a program "Spy Hunter" which claimed to be able to deal with this and paid for it ($47) to discover it failed - and, to add insult to injury, found the blighters had set up a recurring payment for $47 every six months on my PayPal account - so I cancelled the recurring payments.

    The system is more stable and AVG does not keep popping up Trojan warnings anymore, but for safety I disconnect the network cable - which means my network printer cannot be used by the infected machine.

    Ah such are the challenges of life.

  8. #78
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    I still don't see anything bad showing up, though.

    In my opinion...if this were my computer...I would format and reinstall. With the backdoor capabilities and the number of advanced infections that are on the system, I would not hesitate to just save my files and start from scratch because I could never know for sure that the infection is still not in there hiding and waiting and possibly stealing information of mine.

    I can't guarantee that it is a new variant so much as the fact that there were multiple ZeroAccess infections, and if we aren't able to hit everything at once then we won't be able to kill it.

  9. #79
    Member
    Join Date
    Apr 2012
    Posts
    66

    Default Rapport

    I have noticed from the Rootkit Unhooker report that the Rapport entries have been messed with. Rapport (I am sure you know) is a utility to prevent your passwords being passed on to fraudulent sites and came with my Internet Banking from HSBC.

    I am in the slow business of transferring my data files to Drive F - is there any chance I can unwittingly transfer the Trojan over? I have AVG running.

  10. #80
    Member
    Join Date
    Apr 2012
    Posts
    66

    Default Rapport

    Hi

    When the data is safely on F, I will remove rapport from the system (via add-remove progs) but did not want to disturb it as yet - or should I?
