
not sure if I should be concerned


8 replies to this topic

#1 simon3030

Posted 27 July 2011 - 03:03 PM

Over the last couple of weeks, AVG Free has picked up a couple of tracking cookies in my Thunderbird default profile. One was 2o7, which I appear to have got rid of; the newest one is serving-sys. I have run an AVG scan of the profile folder, which found four instances and quarantined two; the others I tried to quarantine manually, but AVG then froze. I ran Malwarebytes, which showed nothing, and Spybot, which also showed nothing. Yet just now I opened Thunderbird, and AVG showed it was there again....

Is there a one time fix, and why should it be in Thunderbird, and not in Firefox?

EDIT - now found in Firefox profile; ran AVG, which showed two instances again, in /cookies.sqlite (as before)... asked AVG to 'remove unhealed items' and left it to do that. They are now showing as removed...
Where would it come from, and is it a problem if it comes back?


Thanks.

Simon

Edited by simon3030, 27 July 2011 - 03:34 PM.
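The cookies AVG keeps flagging live in the `cookies.sqlite` database inside the Thunderbird or Firefox profile, and they are set again whenever a page or an HTML e-mail that embeds those ad networks is rendered, which is why they keep coming back after a quarantine. As an added example that is not part of this thread, the Python script below opens such a database and lists or removes cookies belonging to ad-network domains. The `moz_cookies` schema it creates is a simplified assumption (a real profile carries more columns), the rows are constructed, and the domain list is built from the names that appear in this thread.

```python
import sqlite3
from typing import Iterable

# Ad-network suffixes taken from the names mentioned in this thread.
# Constructed sample list; extend it as needed.
TRACKER_SUFFIXES = ("2o7.net", "serving-sys.com", "atdmt.com", "doubleclick.net")

# Simplified moz_cookies table (assumption): a real Firefox/Thunderbird
# cookies.sqlite has more columns, but host and name are what matter here.
SCHEMA = """
CREATE TABLE moz_cookies (
    id INTEGER PRIMARY KEY,
    host TEXT, name TEXT, value TEXT, path TEXT,
    expiry INTEGER, isSecure INTEGER, isHttpOnly INTEGER
);
"""

# Constructed sample rows: two first-party cookies and three ad-network cookies.
SAMPLE_ROWS = [
    ("mail.example.org", "session", "abc123", "/", 2000000000, 1, 1),
    ("www.example.org", "prefs", "dark", "/", 2000000000, 0, 0),
    (".2o7.net", "s_vi", "opaque-id", "/", 2000000000, 0, 0),
    (".bs.serving-sys.com", "eyeblaster", "x", "/", 2000000000, 0, 0),
    (".serving-sys.com", "u2", "y", "/", 2000000000, 0, 0),
]


def open_sample_profile() -> sqlite3.Connection:
    """Build an in-memory cookies.sqlite look-alike with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO moz_cookies (host, name, value, path, expiry, isSecure, isHttpOnly)"
        " VALUES (?, ?, ?, ?, ?, ?, ?)",
        SAMPLE_ROWS,
    )
    conn.commit()
    return conn


def host_matches(host: str, suffixes: Iterable[str]) -> bool:
    """True if the cookie host is a tracker domain or a subdomain of one.

    Firefox stores domain cookies with a leading dot; strip it and match on a
    label boundary so that a lookalike such as notserving-sys.com is not caught.
    """
    h = host.lstrip(".").lower()
    return any(h == s or h.endswith("." + s) for s in suffixes)


def find_tracking_cookies(conn: sqlite3.Connection, suffixes=TRACKER_SUFFIXES):
    """Return (host, name) pairs of cookies that belong to tracker domains."""
    rows = conn.execute("SELECT host, name FROM moz_cookies ORDER BY host, name").fetchall()
    return [(host, name) for host, name in rows if host_matches(host, suffixes)]


def purge_tracking_cookies(conn: sqlite3.Connection, suffixes=TRACKER_SUFFIXES) -> int:
    """Delete the matching cookies and return how many rows were removed."""
    hits = find_tracking_cookies(conn, suffixes)
    conn.executemany("DELETE FROM moz_cookies WHERE host = ? AND name = ?", hits)
    conn.commit()
    return len(hits)


if __name__ == "__main__":
    conn = open_sample_profile()
    for host, name in find_tracking_cookies(conn):
        print(f"tracking cookie: {host}\t{name}")
    print("removed:", purge_tracking_cookies(conn))
```

To run this against a real profile, close the mail client or browser first (it holds a lock on the file), copy `cookies.sqlite` elsewhere and connect to the copy instead of `:memory:`; the queries use only the `host` and `name` columns, which exist in the real table. Deleting the rows clears the current batch only; blocking third-party cookies in the client's privacy settings is what stops the same ad-network cookies from being written again on the next visit.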


#2 cryptodan

Posted 27 July 2011 - 03:24 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question (Am I infected?), you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program. If you want to accept it, you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.

    Scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 simon3030

Posted 29 July 2011 - 01:50 AM

Hi,
Thanks for your reply.
Scanned as requested, logs below.
SuperAntispyware log (found a couple of trojans, and 63 tracking cookies)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/28/2011 at 12:15 PM

Application Version : 4.55.1000

Core Rules Database Version : 7472
Trace Rules Database Version: 5284

Scan type : Complete Scan
Total Scan Time : 05:28:48

Memory items scanned : 775
Memory threats detected : 0
Registry items scanned : 9704
Registry threats detected : 0
File items scanned : 480099
File threats detected : 65

Adware.Tracking Cookie
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@media6degrees[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@content.yieldmanager[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@ads.telegraph.co[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@ad.kickasstorrents[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@maniapub.trackmania[1].txt
ec.atdmt.com [ C:\Users\mumsie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5K9P6XQQ ]
s0.2mdn.net [ C:\Users\mumsie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5K9P6XQQ ]
serving-sys.com [ C:\Users\mumsie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5K9P6XQQ ]
spe.atdmt.com [ C:\Users\mumsie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5K9P6XQQ ]
C:\Users\mumsie\AppData\Roaming\Microsoft\Windows\Cookies\mumsie@atdmt[2].txt
C:\Users\mumsie\AppData\Roaming\Microsoft\Windows\Cookies\mumsie@avgtechnologies.112.2o7[1].txt
C:\Users\mumsie\AppData\Roaming\Microsoft\Windows\Cookies\mumsie@doubleclick[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@2o7[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@ad.yieldmanager[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[10].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[11].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[3].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[4].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[5].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[6].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[7].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[8].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@atdmt[9].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@bs.serving-sys[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@CACB2O7J.txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@doubleclick[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@mediaplex[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@msnportal.112.2o7[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@msnportal.112.2o7[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@revsci[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@revsci[3].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@serving-sys[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@serving-sys[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@serving-sys[3].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon's@www.windowsmedia[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@2o7[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@acpmagazines.112.2o7[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@ad.yieldmanager[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[10].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[11].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[3].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[4].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[5].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[6].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[7].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[8].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@atdmt[9].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@bs.serving-sys[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@CACB2O7J.txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@msnportal.112.2o7[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@msnportal.112.2o7[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@msnportal.112.2o7[3].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@msnportal.112.2o7[4].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@revsci[2].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@revsci[3].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@serving-sys[1].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@serving-sys[3].txt
C:\Users\simon's\AppData\Roaming\Microsoft\Windows\Cookies\simon's@www.windowsmedia[2].txt

Trojan.Agent/Gen-Nullo[Micro]
C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\NV_DISP.INF_X86_NEUTRAL_AA60BF6431AB895A\SETA146.TMP

Trojan.Agent/Gen-WinLogon[Fake]
D:\SIMON'S STUFF\MY DOWNLOADS\WINLOGON.EXE


MBAM log (nothing found)
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7299

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

28/07/2011 01:36:33
mbam-log-2011-07-28 (01-36-33).txt

Scan type: Full scan (C:\|D:\|M:\|)
Objects scanned: 774158
Time elapsed: 3 hour(s), 10 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-29 06:34:09
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5 ST3500641AS rev.3.AGE
Running: 5u28coi4.exe; Driver: C:\Users\simon's\AppData\Local\Temp\kxlcifow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x92464FC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x92465A56]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\28711\RapportCerberus32_28711.sys ZwCreateThreadEx [0x8BBE2190]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x92465BD4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x9246927C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x924692AE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x92469410]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x92465B2C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA18827A0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x924652F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x92465428]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x92469386]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x924692F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x92469322]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x92469354]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x92464F66]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x92465C40]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x92469214]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x92464F02]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA1882848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA18828E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA1882980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82E84339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBDD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82EC4E48 4 Bytes [C0, 4F, 46, 92] {ROR BYTE [EDI+0x46], 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82EC4EA4 4 Bytes [56, 5A, 46, 92] {PUSH ESI; POP EDX; INC ESI; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1207 82EC4EFC 4 Bytes [90, 21, BE, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 123F 82EC4F34 8 Bytes [D4, 5B, 46, 92, 7C, 92, 46, ...] {AAM 0x5b; INC ESI; XCHG EDX, EAX; JL 0xffffffffffffff98; INC ESI; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 124F 82EC4F44 4 Bytes [AE, 92, 46, 92] {SCASB ; XCHG EDX, EAX; INC ESI; XCHG EDX, EAX}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1220] ntdll.dll!KiUserApcDispatcher 76FC6F58 5 Bytes JMP 004140F0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1220] WS2_32.dll!getaddrinfo 74E54296 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1220] WS2_32.dll!gethostbyname 74E67673 5 Bytes JMP 71AD0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3252] ntdll.dll!KiUserApcDispatcher 76FC6F58 5 Bytes JMP 0043E8F0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3252] WS2_32.dll!getaddrinfo 74E54296 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3252] WS2_32.dll!gethostbyname 74E67673 5 Bytes JMP 71AE0022

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DC2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DA5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DA56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DC24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DB8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DB4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DB506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DB5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73DB6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DB826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DB87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DB901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DBE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3468] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DB4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


I had to uninstall AVG during the GMER scan, as it only gives you 15 minutes of no cover at a time.

Let me know what I should do now, thanks for your help.

Simon
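Every `SSDT` entry in the GMER log above points at either a Trusteer Rapport driver or an AVG driver, both security products that hook the kernel service table by design, so the useful question when reading such a log is which hooking modules cannot be explained by software known to be installed. As an added example that is not part of this thread, the Python below parses the `SSDT` lines of a GMER log into (module, vendor, hooked function, address) records, groups them by module and reports any module missing from a constructed allow-list. The sample input is four lines copied from the posted log plus one constructed line (`example_unknown.sys`, a placeholder name) so that the unexplained-module path is exercised; the allow-list itself is an assumption for this example.

```python
import re
from collections import defaultdict

# One SSDT line as GMER prints it: a module path (which may contain spaces),
# an optional "(description/vendor)" block, the hooked Zw* function and the
# hook address in square brackets.
SSDT_LINE = re.compile(
    r"^SSDT\s+(?P<path>\S.*?)\s+"
    r"(?:\((?P<desc>[^)]*)\)\s+)?"
    r"(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)

# Four lines copied from the GMER log posted in this thread, plus one
# constructed line (example_unknown.sys is a placeholder, not a real driver).
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x92464FC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x92465A56]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\28711\RapportCerberus32_28711.sys ZwCreateThreadEx [0x8BBE2190]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA18827A0]
SSDT \??\C:\Windows\system32\drivers\example_unknown.sys ZwQueryDirectoryFile [0x8A000000]

---- Kernel code sections - GMER 1.0.15 ----
"""

# Constructed allow-list (assumption): drivers whose SSDT hooks are explained
# by a security product the machine is known to run. Keys are lower-cased
# file names.
KNOWN_HOOKING_DRIVERS = {
    "rapportpg.sys": "Trusteer Rapport",
    "rapportcerberus32_28711.sys": "Trusteer Rapport",
    "avgidsshim.sys": "AVG",
}


def parse_ssdt_hooks(log_text):
    """Return one dict per SSDT line; lines from other sections are ignored."""
    hooks = []
    for line in log_text.splitlines():
        m = SSDT_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        desc = m.group("desc") or ""
        # GMER writes "description/vendor"; keep the vendor half when present.
        vendor = desc.rsplit("/", 1)[-1].strip() or None
        hooks.append({
            "module": path.rsplit("\\", 1)[-1].lower(),
            "path": path,
            "vendor": vendor,
            "func": m.group("func"),
            "addr": int(m.group("addr"), 16),
        })
    return hooks


def hooks_by_module(hooks):
    """Map module file name -> hooked functions, in log order."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"]].append(h["func"])
    return dict(grouped)


def unexplained_modules(hooks, known=KNOWN_HOOKING_DRIVERS):
    """Modules hooking the SSDT that no known product accounts for."""
    return sorted({h["module"] for h in hooks if h["module"] not in known})


if __name__ == "__main__":
    hooks = parse_ssdt_hooks(SAMPLE_GMER_LOG)
    for module, funcs in hooks_by_module(hooks).items():
        owner = KNOWN_HOOKING_DRIVERS.get(module, "UNEXPLAINED")
        print(f"{module:32} {owner:18} {', '.join(funcs)}")
    print("needs follow-up:", unexplained_modules(hooks))
```

The allow-list is keyed by file name only, which is enough for a first pass over a log but not a verdict: a hostile driver can carry any name, so whatever survives this check should be confirmed by the path it loads from and by validating the driver's digital signature on disk. For a real log, read the saved `gmer.log` and pass its text to `parse_ssdt_hooks`.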

#4 cryptodan

Posted 29 July 2011 - 02:16 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Please perform the above, but do not fix anything.

#5 simon3030

Posted 29 July 2011 - 02:45 AM

Hi,

Carried out the TDSS scan, nothing found.

2011/07/29 08:42:54.0411 0596 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/29 08:42:56.0083 0596 ================================================================================
2011/07/29 08:42:56.0083 0596 SystemInfo:
2011/07/29 08:42:56.0083 0596
2011/07/29 08:42:56.0083 0596 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/29 08:42:56.0083 0596 Product type: Workstation
2011/07/29 08:42:56.0083 0596 ComputerName: HOME-OFFICE
2011/07/29 08:42:56.0083 0596 UserName: simon's
2011/07/29 08:42:56.0083 0596 Windows directory: C:\Windows
2011/07/29 08:42:56.0083 0596 System windows directory: C:\Windows
2011/07/29 08:42:56.0083 0596 Processor architecture: Intel x86
2011/07/29 08:42:56.0083 0596 Number of processors: 1
2011/07/29 08:42:56.0083 0596 Page size: 0x1000
2011/07/29 08:42:56.0083 0596 Boot type: Normal boot
2011/07/29 08:42:56.0083 0596 ================================================================================
2011/07/29 08:43:03.0208 0596 Initialize success
2011/07/29 08:43:06.0973 5056 ================================================================================
2011/07/29 08:43:06.0973 5056 Scan started
2011/07/29 08:43:06.0973 5056 Mode: Manual;
2011/07/29 08:43:06.0973 5056 ================================================================================
2011/07/29 08:43:08.0692 5056 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/29 08:43:08.0786 5056 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/29 08:43:08.0848 5056 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/29 08:43:08.0942 5056 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/29 08:43:09.0083 5056 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/29 08:43:09.0176 5056 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/29 08:43:09.0426 5056 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
2011/07/29 08:43:09.0692 5056 afcdp (53696ad8ffc5fac51949a525ff65a689) C:\Windows\system32\DRIVERS\afcdp.sys
2011/07/29 08:43:09.0879 5056 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/07/29 08:43:09.0942 5056 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/29 08:43:10.0004 5056 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/29 08:43:10.0098 5056 alcan5wn (293bcaf4ef7afcc4b00d28f75c420356) C:\Windows\system32\DRIVERS\alcan5wn.sys
2011/07/29 08:43:10.0176 5056 alcaudsl (bdb16789e789f087b43b5f75032d4fdc) C:\Windows\system32\DRIVERS\alcaudsl.sys
2011/07/29 08:43:10.0786 5056 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
2011/07/29 08:43:10.0989 5056 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/29 08:43:11.0051 5056 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/29 08:43:11.0114 5056 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/29 08:43:11.0145 5056 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/29 08:43:11.0192 5056 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/29 08:43:11.0254 5056 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/07/29 08:43:11.0301 5056 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/29 08:43:11.0364 5056 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/07/29 08:43:11.0442 5056 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/29 08:43:11.0536 5056 appliand (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
2011/07/29 08:43:11.0567 5056 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
2011/07/29 08:43:11.0614 5056 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/29 08:43:11.0692 5056 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/29 08:43:11.0770 5056 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/29 08:43:11.0817 5056 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/29 08:43:11.0942 5056 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
2011/07/29 08:43:12.0020 5056 AVGIDSDriver (2177e7448c1ecfb35a5db417603d205a) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/07/29 08:43:12.0051 5056 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/07/29 08:43:12.0114 5056 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/07/29 08:43:12.0161 5056 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/07/29 08:43:12.0239 5056 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/07/29 08:43:12.0286 5056 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/07/29 08:43:12.0348 5056 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/07/29 08:43:12.0395 5056 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/07/29 08:43:12.0504 5056 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/29 08:43:12.0583 5056 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/29 08:43:12.0645 5056 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/29 08:43:12.0708 5056 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/29 08:43:12.0770 5056 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/29 08:43:12.0833 5056 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/29 08:43:12.0864 5056 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/29 08:43:12.0911 5056 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/29 08:43:12.0958 5056 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/29 08:43:13.0004 5056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/29 08:43:13.0051 5056 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/29 08:43:13.0145 5056 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/29 08:43:13.0301 5056 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/29 08:43:13.0348 5056 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/07/29 08:43:13.0411 5056 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/29 08:43:13.0489 5056 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/29 08:43:13.0551 5056 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/29 08:43:13.0598 5056 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/29 08:43:13.0645 5056 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/29 08:43:13.0708 5056 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/29 08:43:13.0754 5056 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/29 08:43:13.0817 5056 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/29 08:43:13.0911 5056 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/29 08:43:13.0958 5056 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/29 08:43:14.0020 5056 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/29 08:43:14.0098 5056 dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/29 08:43:14.0161 5056 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
2011/07/29 08:43:14.0192 5056 Dot4Scan (9f7de667c505ce6500becdd8e11644d7) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2011/07/29 08:43:14.0254 5056 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/29 08:43:14.0317 5056 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/29 08:43:14.0395 5056 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/29 08:43:14.0801 5056 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/29 08:43:14.0973 5056 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/29 08:43:15.0036 5056 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/29 08:43:15.0129 5056 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/29 08:43:15.0192 5056 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/29 08:43:15.0254 5056 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/29 08:43:15.0301 5056 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/29 08:43:15.0348 5056 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/29 08:43:15.0395 5056 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/29 08:43:15.0458 5056 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/29 08:43:15.0551 5056 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/29 08:43:15.0583 5056 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/29 08:43:15.0661 5056 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/29 08:43:15.0708 5056 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/29 08:43:15.0786 5056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/29 08:43:15.0879 5056 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/29 08:43:15.0958 5056 hcw95bda (a9157afe4b6f32dcce9bd18fecd53a0d) C:\Windows\system32\Drivers\hcw95bda.sys
2011/07/29 08:43:15.0989 5056 hcw95rc (eb77f3c96c62e65cc25f04220b9a204a) C:\Windows\system32\DRIVERS\hcw95rc.sys
2011/07/29 08:43:16.0051 5056 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/29 08:43:16.0098 5056 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/29 08:43:16.0161 5056 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/29 08:43:16.0192 5056 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/29 08:43:16.0239 5056 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/29 08:43:16.0333 5056 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/29 08:43:16.0395 5056 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2011/07/29 08:43:16.0536 5056 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/29 08:43:16.0645 5056 HWiNFO32 (6f92fe577a57896239099aa1f398d9b2) C:\Program Files\HWiNFO32\HWiNFO32.SYS
2011/07/29 08:43:16.0754 5056 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/29 08:43:16.0817 5056 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/07/29 08:43:16.0864 5056 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/07/29 08:43:16.0942 5056 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/29 08:43:17.0004 5056 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/29 08:43:17.0051 5056 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/29 08:43:17.0098 5056 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/29 08:43:17.0161 5056 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/29 08:43:17.0208 5056 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/29 08:43:17.0286 5056 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/29 08:43:17.0333 5056 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/29 08:43:17.0395 5056 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/29 08:43:17.0426 5056 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/29 08:43:17.0473 5056 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/29 08:43:17.0520 5056 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/29 08:43:17.0567 5056 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/29 08:43:17.0661 5056 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
2011/07/29 08:43:17.0754 5056 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/07/29 08:43:17.0817 5056 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/29 08:43:17.0879 5056 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/07/29 08:43:17.0958 5056 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/29 08:43:18.0004 5056 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/29 08:43:18.0036 5056 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/29 08:43:18.0083 5056 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/29 08:43:18.0114 5056 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/29 08:43:18.0176 5056 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/07/29 08:43:18.0254 5056 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/07/29 08:43:18.0317 5056 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/29 08:43:18.0364 5056 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/29 08:43:18.0426 5056 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/29 08:43:18.0473 5056 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/29 08:43:18.0520 5056 motmodem (c3b0fd4f463e90b3917ff6ccea853bb6) C:\Windows\system32\DRIVERS\motmodem.sys
2011/07/29 08:43:18.0583 5056 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/29 08:43:18.0614 5056 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/29 08:43:18.0676 5056 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/29 08:43:18.0770 5056 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/29 08:43:18.0864 5056 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/29 08:43:18.0958 5056 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/29 08:43:19.0004 5056 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/29 08:43:19.0067 5056 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/29 08:43:19.0129 5056 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/29 08:43:19.0208 5056 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/07/29 08:43:19.0270 5056 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/07/29 08:43:19.0364 5056 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/29 08:43:19.0411 5056 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/29 08:43:19.0458 5056 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/29 08:43:19.0536 5056 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/29 08:43:19.0583 5056 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/29 08:43:19.0614 5056 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/29 08:43:19.0723 5056 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/29 08:43:19.0786 5056 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/07/29 08:43:19.0817 5056 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/29 08:43:19.0864 5056 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/29 08:43:19.0895 5056 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/29 08:43:19.0973 5056 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/29 08:43:20.0067 5056 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/29 08:43:20.0129 5056 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/29 08:43:20.0161 5056 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/29 08:43:20.0239 5056 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/29 08:43:20.0301 5056 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/29 08:43:20.0364 5056 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/29 08:43:20.0395 5056 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/29 08:43:20.0473 5056 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/29 08:43:20.0567 5056 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/29 08:43:20.0629 5056 NMgamingmsFltr (dd0216110ae219f333d0f99079a4be42) C:\Windows\system32\drivers\NMgamingms.sys
2011/07/29 08:43:20.0708 5056 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\Windows\system32\drivers\ccdcmb.sys
2011/07/29 08:43:20.0754 5056 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\Windows\system32\drivers\ccdcmbo.sys
2011/07/29 08:43:20.0833 5056 nmwcdnsu (99145c5d4b6c4d6f5ce83ee6abffe294) C:\Windows\system32\drivers\nmwcdnsu.sys
2011/07/29 08:43:20.0911 5056 nmwcdnsuc (faee7b61c6885b091cec1ff06da2e1ab) C:\Windows\system32\drivers\nmwcdnsuc.sys
2011/07/29 08:43:20.0958 5056 NPF (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys
2011/07/29 08:43:21.0020 5056 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/29 08:43:21.0083 5056 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/29 08:43:21.0239 5056 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/07/29 08:43:21.0333 5056 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/29 08:43:21.0379 5056 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/07/29 08:43:21.0708 5056 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/29 08:43:22.0051 5056 nvoclock (96c5900331bd17344f338d006888bae5) C:\Windows\system32\DRIVERS\nvoclock.sys
2011/07/29 08:43:22.0114 5056 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/07/29 08:43:22.0161 5056 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/07/29 08:43:22.0239 5056 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/29 08:43:22.0286 5056 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/29 08:43:22.0473 5056 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/29 08:43:22.0567 5056 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/29 08:43:22.0598 5056 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/29 08:43:22.0676 5056 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/07/29 08:43:22.0739 5056 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/29 08:43:22.0770 5056 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/29 08:43:22.0817 5056 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/29 08:43:22.0879 5056 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/29 08:43:22.0942 5056 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/29 08:43:23.0114 5056 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/29 08:43:23.0161 5056 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/29 08:43:23.0239 5056 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/29 08:43:23.0317 5056 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/07/29 08:43:23.0395 5056 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/29 08:43:23.0489 5056 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/29 08:43:23.0551 5056 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/29 08:43:23.0692 5056 RapportCerberus_28711 (0308af6ac1758f078f59d6a14f0bfaa9) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\28711\RapportCerberus32_28711.sys
2011/07/29 08:43:23.0786 5056 RapportEI (d299e4973da2dc9ded9066232e99e3d2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/07/29 08:43:24.0036 5056 RapportKELL (b4fedb7c55968ebe2bb9b8d7612eb2d5) C:\Windows\system32\Drivers\RapportKELL.sys
2011/07/29 08:43:24.0098 5056 RapportPG (352cae4a3c3b6f6ccdaa246a0a6a61c6) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/07/29 08:43:24.0208 5056 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/29 08:43:24.0286 5056 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/29 08:43:24.0364 5056 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/29 08:43:24.0426 5056 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/29 08:43:24.0504 5056 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/29 08:43:24.0583 5056 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/29 08:43:24.0661 5056 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/29 08:43:24.0723 5056 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/29 08:43:24.0786 5056 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/29 08:43:24.0848 5056 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/29 08:43:24.0926 5056 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/29 08:43:24.0989 5056 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/29 08:43:25.0114 5056 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/07/29 08:43:25.0208 5056 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/29 08:43:25.0364 5056 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/29 08:43:25.0489 5056 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/29 08:43:25.0614 5056 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/29 08:43:25.0739 5056 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/29 08:43:25.0833 5056 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/29 08:43:25.0958 5056 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/29 08:43:26.0020 5056 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/29 08:43:26.0083 5056 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/29 08:43:26.0192 5056 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/29 08:43:26.0270 5056 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/29 08:43:26.0317 5056 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/29 08:43:26.0364 5056 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/29 08:43:26.0442 5056 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/29 08:43:26.0504 5056 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/29 08:43:26.0551 5056 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/29 08:43:26.0598 5056 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/29 08:43:26.0676 5056 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\Windows\system32\DRIVERS\snapman.sys
2011/07/29 08:43:26.0739 5056 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/29 08:43:26.0833 5056 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/07/29 08:43:26.0879 5056 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/29 08:43:26.0926 5056 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/29 08:43:27.0020 5056 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/29 08:43:27.0098 5056 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/29 08:43:27.0223 5056 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/29 08:43:27.0333 5056 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/29 08:43:27.0395 5056 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/29 08:43:27.0489 5056 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/29 08:43:27.0567 5056 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\Windows\system32\DRIVERS\tdrpm273.sys
2011/07/29 08:43:27.0614 5056 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/29 08:43:27.0676 5056 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/29 08:43:27.0754 5056 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/29 08:43:27.0848 5056 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\Windows\system32\DRIVERS\timntr.sys
2011/07/29 08:43:27.0942 5056 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/29 08:43:28.0004 5056 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/29 08:43:28.0083 5056 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/29 08:43:28.0145 5056 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/29 08:43:28.0223 5056 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/29 08:43:28.0317 5056 UimBus (a25e0481da469c3af6ad18c1534b874c) C:\Windows\system32\DRIVERS\UimBus.sys
2011/07/29 08:43:28.0364 5056 Uim_IM (ec2ede874e0eb50a509269676cf5f4bd) C:\Windows\system32\Drivers\Uim_IM.sys
2011/07/29 08:43:28.0442 5056 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/29 08:43:28.0504 5056 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/07/29 08:43:28.0551 5056 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/29 08:43:28.0629 5056 upperdev (ec01da44b090d2651fc032c8b9257232) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/07/29 08:43:28.0708 5056 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/29 08:43:28.0770 5056 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
2011/07/29 08:43:28.0801 5056 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/29 08:43:28.0864 5056 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\drivers\usbehci.sys
2011/07/29 08:43:28.0911 5056 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/07/29 08:43:28.0973 5056 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
2011/07/29 08:43:29.0083 5056 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/29 08:43:29.0145 5056 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/29 08:43:29.0270 5056 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
2011/07/29 08:43:29.0333 5056 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/07/29 08:43:29.0411 5056 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/29 08:43:29.0458 5056 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2011/07/29 08:43:29.0504 5056 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/29 08:43:29.0598 5056 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/29 08:43:29.0676 5056 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/29 08:43:29.0739 5056 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/29 08:43:29.0786 5056 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/29 08:43:29.0848 5056 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/29 08:43:29.0895 5056 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/29 08:43:29.0958 5056 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/29 08:43:30.0020 5056 vmm (b0fd6e31ed4acd87eb852c5dac27734a) C:\Windows\system32\Drivers\vmm.sys
2011/07/29 08:43:30.0098 5056 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/29 08:43:30.0145 5056 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/29 08:43:30.0223 5056 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/29 08:43:30.0270 5056 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\Windows\system32\DRIVERS\VMNetSrv.sys
2011/07/29 08:43:30.0317 5056 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/29 08:43:30.0379 5056 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/29 08:43:30.0442 5056 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/29 08:43:30.0504 5056 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/29 08:43:30.0536 5056 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/29 08:43:30.0629 5056 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/29 08:43:30.0708 5056 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/29 08:43:30.0833 5056 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/29 08:43:30.0864 5056 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/29 08:43:31.0020 5056 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/29 08:43:31.0161 5056 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/29 08:43:31.0317 5056 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/29 08:43:31.0442 5056 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/29 08:43:31.0489 5056 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/29 08:43:31.0567 5056 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/29 08:43:31.0598 5056 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/07/29 08:43:31.0629 5056 Boot (0x1200) (46b8eff6e9560934a6a906c86b8275dc) \Device\Harddisk0\DR0\Partition0
2011/07/29 08:43:31.0661 5056 Boot (0x1200) (00364e241dd65ba35e3ee7d75ab2c161) \Device\Harddisk0\DR0\Partition1
2011/07/29 08:43:31.0692 5056 Boot (0x1200) (00ccf720a293e527a1b7d8016517fd15) \Device\Harddisk1\DR1\Partition0
2011/07/29 08:43:31.0692 5056 ================================================================================
2011/07/29 08:43:31.0692 5056 Scan finished
2011/07/29 08:43:31.0692 5056 ================================================================================
2011/07/29 08:43:31.0723 4292 Detected object count: 0
2011/07/29 08:43:31.0723 4292 Actual detected object count: 0

Anything else?

Thnx

Simon

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:02:47 AM

Posted 29 July 2011 - 12:36 PM

I see nothing that you should be concerned about.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:47 PM

Posted 29 July 2011 - 04:33 PM

And I will add my "Cookie" speech!!

Cookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.

  • Persistent cookies have expiration dates set by the Web server when it passes the cookie and are stored on a user's hard drive until they expire or are deleted. These types of cookies are used to store information between visits to a site and collect identifying information about the user such as surfing behavior or preferences for a specific web site.
  • Session (transient) cookies are not saved to the hard drive, do not collect any information and have no set expiration date. They are used to temporarily hold information in the form of a session identification stored in memory as you browse web pages. These types of cookies are cached only while a user is visiting the Web server issuing the session cookie and are deleted from the cache when the user closes the session.
Cookies can be categorized as:
  • Trusted cookies are from sites you trust, use often, and want to be able to identify and personalize content for you.
  • Nuisance cookies are from those sites you do not recognize or often use, but somehow they have put a cookie on your machine.
  • Bad cookies (i.e. persistent cookies, long term and third party tracking cookies) are those that can be linked to an ad company or something that tracks your movements across the web.
The type of persistent cookie that is a cause for some concern is the "tracking cookie", because it can be considered a privacy risk. These types of cookies are used to track your Web browsing habits (your movement from site to site). Ad companies use them to record your activity on all sites where they have placed ads. They can keep count of how many times you visited a web page, store your username and password so you don't have to log in, and retain your custom settings. When you visit one of these sites, a cookie is placed on your computer. Each time you visit another site that hosts one of their ads, that same cookie is read, and soon they have assembled a list of which of their sites you have visited and which of their ads you have clicked on. Cookies are used all over the Internet and advertisement companies often plant them whenever your browser loads one of their banners.

Cookies are NOT a "threat". As text files they cannot be executed to cause any damage. Cookies do not cause any pop ups or install malware and they cannot erase or read information from a computer.

Cookies cannot be used to run code (run programs) or to deliver viruses to your computer.

Microsoft's Description of Cookies

To learn more about Cookies, please refer to:

Flash cookies (or Local Shared Objects) and Evercookies are a newer way of tracking user behavior and surfing habits, but they too are not a threat, nor can they harm your computer.

An Evercookie is a Javascript API created and managed persistent cookie which can be used to identify a user even after they have removed standard and Flash cookies. This is accomplished by creating a new cookie and storing the data in as many storage locations (currently eight) as it can find on the local browser. Storage mechanisms range from Standard HTTP and Flash cookies to HTML5's new storage methods. When evercookie finds that other types of cookies have been removed, it recreates them so they can be reused over and over.

Flash cookies are cookie-like data stored on a computer and used by all versions of Adobe Flash Player and similar applications. They can store much more information than traditional browser cookies and they are typically stored within each user's Application Data directory with a ".SOL" extension, under the Macromedia\FlashPlayer\#SharedObjects folder. Unlike traditional cookies, Flash cookies cannot be managed through browser controls, so they are more difficult to find and remove. However, they can be viewed, managed and deleted using the Website Storage Settings panel at Macromedia's Support Site. From this panel, you can change storage settings for a website, delete a specific website or delete all sites, which erases any information that may have been stored on the computer. To prevent any Flash Cookies from being stored on your computer, go to the Global Storage Settings panel and uncheck the option "Allow third-party Flash content to store data on your computer". For more information, please refer to:

As long as you surf the Internet, you are going to get cookies and some of your security programs will flag them for removal. However, you can minimize the number of them which are stored on your computer by referring to:

Third party utilities to Manage (view & delete) Cookies:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click
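The distinction quietman7 draws above (session vs. persistent vs. long-term third-party tracking cookies) can be checked directly against the cookies.sqlite file the original poster mentioned, instead of waiting for a scanner to flag it. The following is an added example and not code from the thread or from any of the tools named in it. It assumes the Firefox moz_cookies table layout (columns host, name, expiry as Unix seconds), builds an in-memory copy with constructed rows, and uses the two tracker domains named in the thread (2o7, serving-sys) as a constructed watchlist. The classification thresholds and the fixed "current time" are assumptions for reproducibility.

```python
"""Audit a Firefox-style cookies.sqlite for long-lived third-party cookies.

Added example for the BleepingComputer thread above; not part of the thread,
Firefox, AVG or any other tool it mentions. Assumes Firefox's moz_cookies
table exposes host, name and expiry (Unix seconds); rows and the tracker
watchlist below are constructed.
"""
import sqlite3

# Hosts named in the thread as tracking-cookie sources (constructed watchlist).
TRACKER_SUFFIXES = ("2o7.net", "serving-sys.com")

ONE_YEAR = 365 * 24 * 3600
# Fixed "now" (about 29 July 2011, the date of the thread) so results are
# reproducible; a real audit would use int(time.time()).
NOW = 1_311_900_000

# Constructed sample rows: (host, name, value, expiry, isSecure, isHttpOnly).
# expiry == 0 is used here as the convention for a session-style cookie.
SAMPLE_ROWS = [
    ("www.bleepingcomputer.com", "session_id", "abc", 0, 1, 1),
    (".bleepingcomputer.com", "prefs", "theme=dark", NOW + 30 * 86400, 0, 0),
    (".2o7.net", "s_vi", "v1", NOW + 5 * ONE_YEAR, 0, 0),
    (".serving-sys.com", "u2", "xyz", NOW + 2 * ONE_YEAR, 0, 0),
    (".example.com", "old", "stale", NOW - 86400, 0, 0),
]


def load_sample_db():
    """Create an in-memory moz_cookies table populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE moz_cookies ("
        "id INTEGER PRIMARY KEY, host TEXT, name TEXT, value TEXT, "
        "expiry INTEGER, isSecure INTEGER, isHttpOnly INTEGER)"
    )
    conn.executemany(
        "INSERT INTO moz_cookies (host, name, value, expiry, isSecure, isHttpOnly) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        SAMPLE_ROWS,
    )
    conn.commit()
    return conn


def normalize_host(host):
    """Firefox stores domain cookies with a leading dot; strip it for matching."""
    return host.lstrip(".").lower()


def is_tracker(host):
    """True if the host is, or is a subdomain of, a watchlisted tracker domain."""
    h = normalize_host(host)
    return any(h == s or h.endswith("." + s) for s in TRACKER_SUFFIXES)


def classify(expiry, now=NOW):
    """Bucket a cookie by its expiry relative to `now` (thresholds assumed)."""
    if expiry == 0:
        return "session"
    if expiry <= now:
        return "expired"
    if expiry - now > ONE_YEAR:
        return "long-lived"
    return "persistent"


def audit(conn, now=NOW):
    """Return one finding per cookie; only host/name/expiry are read, which
    also exist in a real Firefox cookies.sqlite."""
    findings = []
    for host, name, expiry in conn.execute("SELECT host, name, expiry FROM moz_cookies"):
        kind = classify(expiry, now)
        tracker = is_tracker(host)
        findings.append({
            "host": normalize_host(host),
            "name": name,
            "kind": kind,
            "tracker": tracker,
            # A stored tracker cookie that is still valid is the case worth acting on.
            "flag": tracker and kind in ("persistent", "long-lived"),
        })
    return findings


def flagged(conn, now=NOW):
    """Sorted (host, name) pairs for cookies an operator would want to delete."""
    return sorted((f["host"], f["name"]) for f in audit(conn, now) if f["flag"])


if __name__ == "__main__":
    db = load_sample_db()
    for f in audit(db):
        print(f"{f['host']:<28} {f['name']:<12} {f['kind']:<10} "
              f"{'TRACKER' if f['flag'] else ''}")
```

To run this against a real profile, copy cookies.sqlite out of the profile folder first (Firefox holds a lock on the live file while it is open) and pass `sqlite3.connect("copy-of-cookies.sqlite")` to `audit` in place of the sample database. Expanding `TRACKER_SUFFIXES` beyond the two names from the thread is left to the reader; the point of the example is that a "bad" cookie in quietman7's sense is simply a stored row from a third-party host with a far-off expiry, which is why deleting it is both safe and effective until the next page that loads that network's banner writes it again.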

#8 simon3030

simon3030
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:47 AM

Posted 30 July 2011 - 05:14 PM

Thanks for your help & advice gents, it's much appreciated...

Simon

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:47 PM

Posted 30 July 2011 - 08:36 PM

You're welcome on behalf of the Bleeping Computer community.