sirefef AC / AH infection


3 replies to this topic

#1 Cerreno

Posted 08 April 2012 - 01:24 PM

Microsoft Security Essentials has identified sirefef on my system, but can't remove it. Malwarebytes can't either, and it's hijacking my browser - and I don't know what else. I won't post any logs here, but can anyone tell me please what I should post so that someone can help me? Or any precautions I should take in the meantime? Running XP SP3, Firefox. Thanks.


#2 narenxp

Posted 08 April 2012 - 07:16 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here
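
The TDSSKiller log this post asks for runs to hundreds of lines, nearly all ending in "- ok" (the one posted later in this thread is typical). The Python script below is an added example, not code from any post here or from the tool's authors: it parses that log layout, re-joins lines the forum wrapped, lists only the entries whose verdict is not "ok", and reads back whether the TDLFS option was selected. The example* entries and the detection string in the sample are constructed placeholders, not real TDSSKiller verdict names.

```python
"""Triage a TDSSKiller text log in the layout posted in this thread (added
example, not code from any post). Each scanned service/driver yields a file
line "<time> <pid> <name> (<md5>) <path>" and a verdict line
"<time> <pid> <name> [( <detection> )] - <verdict>"; the forum also wraps
long paths onto a second line, which unwrap() repairs."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

TIMESTAMP_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} ")
FILE_RE = re.compile(r"^(\S+) (\S+) (.+?) \(([0-9a-fA-F]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^(\S+) (\S+) (.+?)(?: \( (.+?) \))? - (\w+)$")
MODE_RE = re.compile(r"^\S+ \S+ Mode: (.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detection: Optional[str] = None


def unwrap(text: str) -> List[str]:
    """Re-join wrapped lines: a non-empty line without a leading timestamp
    continues the previous one (no space added when it starts with '\\')."""
    lines: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TIMESTAMP_RE.match(line) or not lines:
            lines.append(line)
        else:
            lines[-1] += ("" if line.startswith("\\") else " ") + line
    return lines


def parse(text: str) -> Dict[str, Entry]:
    """Map entry name -> Entry, merging each file line with its verdict line."""
    entries: Dict[str, Entry] = {}
    for line in unwrap(text):
        m = FILE_RE.match(line)
        if m:
            _, _, name, md5, path = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5.lower(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            _, _, name, detection, verdict = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.verdict, e.detection = verdict.lower(), detection
    return entries


def scan_mode(text: str) -> Optional[str]:
    """The 'Mode:' line; it contains 'TDLFS' only if that option was selected."""
    for line in unwrap(text):
        m = MODE_RE.match(line)
        if m:
            return m.group(1).strip()
    return None


def triage(text: str) -> List[Entry]:
    """What a reviewer should look at: every verdict other than "ok" first,
    then entries with a file line but no verdict (scan aborted or log cut)."""
    entries = list(parse(text).values())
    flagged = [e for e in entries if e.verdict not in (None, "ok")]
    no_verdict = [e for e in entries if e.verdict is None]
    return flagged + no_verdict


# Constructed sample: the first lines are copied from the log posted in this
# thread (one path wrapped by the forum); the example* entries and their
# detection string are placeholders, not real TDSSKiller verdict names.
SAMPLE_LOG = """
09:25:34.0921 0260 Mode: Manual; TDLFS;
09:25:39.0828 0260 6to4 (c07d5197410aab28d0d93f943f59656d) C:\\WINDOWS\\System32\\6to4svc.dll
09:25:39.0906 0260 6to4 - ok
09:25:40.0234 0260 Abiosdsk - ok
09:25:42.0312 0260 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\\Program Files\\Common Files\\Adobe Systems

Shared\\Service\\Adobelmsvc.exe
09:25:42.0640 0260 Adobe LM Service - ok
09:26:40.0000 0260 exampledrv (00000000000000000000000000000000) C:\\WINDOWS\\system32\\DRIVERS\\exampledrv.sys
09:26:40.0100 0260 exampledrv ( Example.Detection.Placeholder ) - infected
09:26:41.0000 0260 examplesvc (11111111111111111111111111111111) C:\\WINDOWS\\system32\\examplesvc.dll
"""

if __name__ == "__main__":
    print("scan mode:", scan_mode(SAMPLE_LOG))
    for e in triage(SAMPLE_LOG):
        print(e.verdict or "no verdict", e.name, e.detection, e.path, e.md5)
```

Entries without a file line but with "- ok" (a registered service whose file is absent) are left alone; only non-"ok" verdicts and file lines that never received a verdict are reported.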

#3 Cerreno

Posted 09 April 2012 - 01:21 PM

Thank you for the useful advice. I've done everything as suggested and post the logs, in order, below. I'm assuming that the length of the log won't be a problem - if it is, I'll break it up and post it in chunks. Obviously a rootkit infection. Help!


*****


TDSSKiller report:

09:25:11.0375 0420 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
09:25:11.0828 0420 ============================================================
09:25:11.0828 0420 Current date / time: 2012/04/09 09:25:11.0828
09:25:11.0828 0420 SystemInfo:
09:25:11.0828 0420
09:25:11.0828 0420 OS Version: 5.1.2600 ServicePack: 3.0
09:25:11.0828 0420 Product type: Workstation
09:25:11.0828 0420 ComputerName: DARWIN
09:25:11.0828 0420 UserName: David
09:25:11.0828 0420 Windows directory: C:\WINDOWS
09:25:11.0828 0420 System windows directory: C:\WINDOWS
09:25:11.0828 0420 Processor architecture: Intel x86
09:25:11.0828 0420 Number of processors: 1
09:25:11.0828 0420 Page size: 0x1000
09:25:11.0828 0420 Boot type: Normal boot
09:25:11.0828 0420 ============================================================
09:25:16.0015 0420 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE,

SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:25:16.0015 0420 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE,

SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:25:16.0015 0420 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601,

SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:25:16.0031 0420 Drive \Device\Harddisk3\DR7 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81,

SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:25:16.0031 0420 \Device\Harddisk0\DR0:
09:25:16.0031 0420 MBR used
09:25:16.0031 0420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x94E7137
09:25:16.0031 0420 \Device\Harddisk1\DR1:
09:25:16.0031 0420 MBR used
09:25:16.0031 0420 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
09:25:16.0031 0420 \Device\Harddisk2\DR2:
09:25:16.0031 0420 MBR used
09:25:16.0031 0420 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x950E482
09:25:16.0031 0420 \Device\Harddisk3\DR7:
09:25:16.0031 0420 MBR used
09:25:16.0031 0420 \Device\Harddisk3\DR7\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
09:25:16.0859 0420 Initialize success
09:25:16.0859 0420 ============================================================
09:25:34.0921 0260 ============================================================
09:25:34.0921 0260 Scan started
09:25:34.0921 0260 Mode: Manual; TDLFS;
09:25:34.0921 0260 ============================================================
09:25:39.0828 0260 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
09:25:39.0906 0260 6to4 - ok
09:25:40.0234 0260 Abiosdsk - ok
09:25:40.0453 0260 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
09:25:40.0468 0260 abp480n5 - ok
09:25:40.0671 0260 acedrv07 - ok
09:25:41.0093 0260 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:25:41.0203 0260 ACPI - ok
09:25:41.0734 0260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:25:41.0750 0260 ACPIEC - ok
09:25:42.0046 0260 acprfmgrsvc - ok
09:25:42.0312 0260 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
09:25:42.0640 0260 Adobe LM Service - ok
09:25:43.0203 0260 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
09:25:43.0234 0260 adpu160m - ok
09:25:43.0593 0260 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
09:25:43.0593 0260 aeaudio - ok
09:25:44.0015 0260 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:25:44.0015 0260 aec - ok
09:25:44.0531 0260 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:25:44.0531 0260 AegisP - ok
09:25:44.0921 0260 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:25:44.0937 0260 AFD - ok
09:25:45.0156 0260 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
09:25:45.0171 0260 agp440 - ok
09:25:45.0468 0260 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
09:25:45.0687 0260 agpCPQ - ok
09:25:46.0046 0260 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
09:25:46.0078 0260 Aha154x - ok
09:25:46.0734 0260 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
09:25:46.0750 0260 aic78u2 - ok
09:25:47.0265 0260 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
09:25:47.0296 0260 aic78xx - ok
09:25:47.0640 0260 Aicisvtdsr - ok
09:25:48.0078 0260 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:25:48.0078 0260 Alerter - ok
09:25:48.0281 0260 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:25:48.0296 0260 ALG - ok
09:25:48.0593 0260 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
09:25:48.0609 0260 AliIde - ok
09:25:48.0968 0260 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
09:25:48.0984 0260 alim1541 - ok
09:25:49.0406 0260 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
09:25:49.0468 0260 amdagp - ok
09:25:50.0031 0260 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
09:25:50.0031 0260 amsint - ok
09:25:50.0296 0260 AppMgmt - ok
09:25:51.0203 0260 AR5416 (00e031fe2d849be503fc4a47271f1ea5) C:\WINDOWS\system32\DRIVERS\athw.sys
09:25:51.0953 0260 AR5416 - ok
09:25:52.0437 0260 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
09:25:52.0437 0260 asc - ok
09:25:53.0031 0260 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
09:25:53.0046 0260 asc3350p - ok
09:25:53.0281 0260 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
09:25:53.0281 0260 asc3550 - ok
09:25:53.0531 0260 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

\aspnet_state.exe
09:25:54.0031 0260 aspnet_state - ok
09:25:54.0468 0260 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:25:54.0484 0260 AsyncMac - ok
09:25:54.0812 0260 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:25:54.0812 0260 atapi - ok
09:25:55.0093 0260 Atdisk - ok
09:25:55.0468 0260 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:25:55.0500 0260 Atmarpc - ok
09:25:56.0125 0260 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:25:56.0156 0260 AudioSrv - ok
09:25:56.0625 0260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:25:56.0687 0260 audstub - ok
09:25:57.0000 0260 autostore - ok
09:25:57.0218 0260 avgtdi - ok
09:25:57.0437 0260 awhost32 - ok
09:25:58.0046 0260 bcoreusb - ok
09:25:58.0609 0260 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:25:58.0781 0260 Beep - ok
09:25:58.0953 0260 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:25:59.0031 0260 BITS - ok
09:25:59.0281 0260 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:25:59.0281 0260 Browser - ok
09:25:59.0343 0260 CA561 - ok
09:25:59.0593 0260 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
09:25:59.0703 0260 cbidf - ok
09:26:00.0187 0260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:26:00.0187 0260 cbidf2k - ok
09:26:00.0765 0260 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:26:00.0796 0260 CCDECODE - ok
09:26:01.0046 0260 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
09:26:01.0078 0260 cd20xrnt - ok
09:26:01.0468 0260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:26:01.0484 0260 Cdaudio - ok
09:26:01.0906 0260 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:26:01.0953 0260 Cdfs - ok
09:26:02.0359 0260 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:26:02.0375 0260 Cdrom - ok
09:26:02.0640 0260 Changer - ok
09:26:02.0765 0260 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:26:02.0796 0260 CiSvc - ok
09:26:02.0953 0260 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:26:02.0953 0260 ClipSrv - ok
09:26:03.0484 0260 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c)

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:26:03.0765 0260 clr_optimization_v2.0.50727_32 - ok
09:26:03.0875 0260 CM1063264 - ok
09:26:04.0031 0260 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
09:26:04.0031 0260 CmdIde - ok
09:26:04.0109 0260 COMSysApp - ok
09:26:04.0203 0260 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
09:26:04.0203 0260 Cpqarray - ok
09:26:04.0250 0260 cpucoolserver - ok
09:26:04.0343 0260 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:26:04.0343 0260 CryptSvc - ok
09:26:04.0453 0260 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
09:26:04.0453 0260 dac2w2k - ok
09:26:04.0625 0260 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
09:26:04.0625 0260 dac960nt - ok
09:26:05.0078 0260 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:26:05.0093 0260 DcomLaunch - ok
09:26:05.0187 0260 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:26:05.0187 0260 Dhcp - ok
09:26:05.0343 0260 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:26:05.0343 0260 Disk - ok
09:26:05.0375 0260 dmadmin - ok
09:26:05.0500 0260 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:26:05.0515 0260 dmboot - ok
09:26:05.0781 0260 DMICall - ok
09:26:05.0984 0260 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:26:05.0984 0260 dmio - ok
09:26:06.0140 0260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:26:06.0140 0260 dmload - ok
09:26:06.0234 0260 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:26:06.0234 0260 dmserver - ok
09:26:06.0390 0260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:26:06.0390 0260 DMusic - ok
09:26:06.0468 0260 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
09:26:06.0468 0260 DNINDIS5 - ok
09:26:06.0578 0260 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:26:06.0593 0260 Dnscache - ok
09:26:07.0015 0260 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:26:07.0015 0260 Dot3svc - ok
09:26:07.0171 0260 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
09:26:07.0171 0260 dpti2o - ok
09:26:07.0312 0260 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:26:07.0328 0260 drmkaud - ok
09:26:07.0484 0260 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:26:07.0484 0260 E100B - ok
09:26:07.0734 0260 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:26:07.0734 0260 EapHost - ok
09:26:07.0859 0260 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
09:26:07.0859 0260 EL90XBC - ok
09:26:07.0921 0260 elnkupdateservice - ok
09:26:07.0953 0260 emAudio - ok
09:26:08.0140 0260 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:26:08.0140 0260 ERSvc - ok
09:26:08.0250 0260 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:26:08.0265 0260 Eventlog - ok
09:26:08.0421 0260 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
09:26:08.0437 0260 EventSystem - ok
09:26:08.0500 0260 evteng - ok
09:26:08.0703 0260 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:26:08.0703 0260 Fastfat - ok
09:26:08.0828 0260 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:26:08.0828 0260 FastUserSwitchingCompatibility - ok
09:26:08.0968 0260 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:26:08.0984 0260 Fdc - ok
09:26:09.0218 0260 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:26:09.0218 0260 Fips - ok
09:26:09.0375 0260 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:26:09.0375 0260 Flpydisk - ok
09:26:09.0515 0260 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:26:09.0515 0260 FltMgr - ok
09:26:09.0890 0260 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0

\WPF\PresentationFontCache.exe
09:26:09.0890 0260 FontCache3.0.0.0 - ok
09:26:10.0078 0260 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:26:10.0078 0260 Fs_Rec - ok
09:26:10.0250 0260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:26:10.0250 0260 Ftdisk - ok
09:26:10.0406 0260 gmer (b56eb0a2210980e76390bd670bcb618b) C:\WINDOWS\system32\DRIVERS\gmer.sys
09:26:10.0421 0260 gmer - ok
09:26:10.0531 0260 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:26:10.0546 0260 Gpc - ok
09:26:10.0578 0260 HabuFltr - ok
09:26:10.0609 0260 hcwPVRP2 - ok
09:26:10.0687 0260 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:26:10.0687 0260 helpsvc - ok
09:26:10.0796 0260 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:26:10.0812 0260 HidServ - ok
09:26:10.0937 0260 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:26:10.0937 0260 HidUsb - ok
09:26:11.0171 0260 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:26:11.0171 0260 hkmsvc - ok
09:26:11.0296 0260 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
09:26:11.0312 0260 hpn - ok
09:26:11.0484 0260 hpqcxs08 (a30e97371e38ef45b0757561b2796733) C:\Program Files\HP\Digital

Imaging\bin\hpqcxs08.dll
09:26:11.0531 0260 hpqcxs08 - ok
09:26:11.0687 0260 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:26:11.0687 0260 HPZid412 - ok
09:26:11.0812 0260 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:26:11.0812 0260 HPZipr12 - ok
09:26:11.0921 0260 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:26:11.0921 0260 HPZius12 - ok
09:26:12.0109 0260 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:26:12.0125 0260 HTTP - ok
09:26:12.0234 0260 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:26:12.0234 0260 HTTPFilter - ok
09:26:12.0359 0260 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:26:12.0359 0260 i2omgmt - ok
09:26:12.0421 0260 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
09:26:12.0421 0260 i2omp - ok
09:26:12.0562 0260 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:26:12.0562 0260 i8042prt - ok
09:26:12.0843 0260 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
09:26:12.0843 0260 i81x - ok
09:26:13.0015 0260 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
09:26:13.0015 0260 iAimFP0 - ok
09:26:13.0187 0260 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
09:26:13.0187 0260 iAimFP1 - ok
09:26:13.0359 0260 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
09:26:13.0375 0260 iAimFP2 - ok
09:26:13.0515 0260 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
09:26:13.0515 0260 iAimFP3 - ok
09:26:13.0859 0260 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
09:26:13.0859 0260 iAimFP4 - ok
09:26:14.0046 0260 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
09:26:14.0046 0260 iAimTV0 - ok
09:26:14.0203 0260 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
09:26:14.0203 0260 iAimTV1 - ok
09:26:14.0312 0260 iAimTV2 - ok
09:26:14.0437 0260 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
09:26:14.0453 0260 iAimTV3 - ok
09:26:14.0859 0260 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
09:26:14.0875 0260 iAimTV4 - ok
09:26:15.0078 0260 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common

Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
09:26:15.0125 0260 IDriverT - ok
09:26:15.0375 0260 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\infocard.exe
09:26:15.0390 0260 idsvc - ok
09:26:15.0453 0260 ifp800 - ok
09:26:15.0562 0260 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:26:15.0562 0260 Imapi - ok
09:26:15.0921 0260 Imapi Helper (cbfc802821706c4a7551ced6e00b451e) C:\Program Files\Alex Feinman\ISO

Recorder\ImapiHelper.exe
09:26:15.0921 0260 Imapi Helper - ok
09:26:16.0093 0260 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
09:26:16.0093 0260 ImapiService - ok
09:26:16.0234 0260 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
09:26:16.0234 0260 ini910u - ok
09:26:16.0390 0260 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
09:26:16.0406 0260 IntelC51 - ok
09:26:16.0593 0260 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
09:26:16.0609 0260 IntelC52 - ok
09:26:17.0046 0260 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
09:26:17.0046 0260 IntelC53 - ok
09:26:17.0218 0260 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
09:26:17.0218 0260 IntelIde - ok
09:26:17.0343 0260 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:26:17.0343 0260 intelppm - ok
09:26:17.0468 0260 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:26:17.0468 0260 ip6fw - ok
09:26:17.0781 0260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:26:17.0781 0260 IpFilterDriver - ok
09:26:17.0906 0260 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:26:17.0906 0260 IpInIp - ok
09:26:18.0093 0260 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:26:18.0093 0260 IpNat - ok
09:26:18.0218 0260 Iprip (f08d74ec300b8ba60ca953c58a24d19e) C:\WINDOWS\System32\iprip.dll
09:26:18.0218 0260 Iprip - ok
09:26:18.0390 0260 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:26:18.0390 0260 IPSec - ok
09:26:18.0515 0260 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:26:18.0515 0260 IRENUM - ok
09:26:19.0171 0260 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:26:19.0171 0260 isapnp - ok
09:26:19.0406 0260 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
09:26:19.0406 0260 JavaQuickStarterService - ok
09:26:19.0546 0260 k510bus (b1fe6feac5a501c89057a69c9f5e9d1f) C:\WINDOWS\system32\DRIVERS\k510bus.sys
09:26:19.0546 0260 k510bus - ok
09:26:19.0890 0260 k510mdfl (7a4ecca08560e8ff330acaa4128af7b0) C:\WINDOWS\system32\DRIVERS\k510mdfl.sys
09:26:19.0890 0260 k510mdfl - ok
09:26:20.0046 0260 k510mdm (094d532b727030c3b8b6bd3b743d9526) C:\WINDOWS\system32\DRIVERS\k510mdm.sys
09:26:20.0046 0260 k510mdm - ok
09:26:20.0203 0260 k510mgmt (ad67bfa00ba39c65551338ee001cdddd) C:\WINDOWS\system32\DRIVERS\k510mgmt.sys
09:26:20.0203 0260 k510mgmt - ok
09:26:20.0359 0260 k510obex (7d5094b00a47d871a48d035beb3a0922) C:\WINDOWS\system32\DRIVERS\k510obex.sys
09:26:20.0359 0260 k510obex - ok
09:26:20.0453 0260 k750mdfl - ok
09:26:20.0531 0260 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:26:20.0531 0260 Kbdclass - ok
09:26:20.0859 0260 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:26:20.0859 0260 kbdhid - ok
09:26:21.0000 0260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:26:21.0000 0260 kmixer - ok
09:26:21.0187 0260 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:26:21.0187 0260 KSecDD - ok
09:26:21.0265 0260 l8042pr2 - ok
09:26:21.0328 0260 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:26:21.0328 0260 lanmanserver - ok
09:26:21.0437 0260 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:26:21.0453 0260 lanmanworkstation - ok
09:26:21.0562 0260 Lbd - ok
09:26:21.0921 0260 LBeepKE (be2dc24d403643a2d1d98f33c7087b38) C:\WINDOWS\system32\Drivers\LBeepKE.sys
09:26:21.0921 0260 LBeepKE - ok
09:26:22.0078 0260 lbrtfdc - ok
09:26:22.0203 0260 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
09:26:22.0203 0260 LHidFilt - ok
09:26:22.0296 0260 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:26:22.0296 0260 LmHosts - ok
09:26:22.0359 0260 LMIRfsClientNP - ok
09:26:22.0453 0260 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
09:26:22.0453 0260 LMouFilt - ok
09:26:22.0515 0260 ltck000c - ok
09:26:22.0656 0260 LUsbFilt (ddfa88e36d5f8db5fbdbdddc4969db0a) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
09:26:22.0656 0260 LUsbFilt - ok
09:26:22.0875 0260 lvckap - ok
09:26:22.0890 0260 lvusbsta - ok
09:26:23.0062 0260 McAfeeFramework (1bc1a6b644d4cc1964cd851e92b604f4) C:\Program Files\McAfee\Common

Framework\FrameworkService.exe
09:26:23.0062 0260 McAfeeFramework - ok
09:26:23.0171 0260 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:26:23.0171 0260 Messenger - ok
09:26:23.0234 0260 mferkdk - ok
09:26:23.0437 0260 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:26:23.0437 0260 mnmdd - ok
09:26:23.0515 0260 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
09:26:23.0515 0260 mnmsrvc - ok
09:26:23.0796 0260 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:26:23.0796 0260 Modem - ok
09:26:23.0953 0260 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:26:23.0953 0260 MODEMCSA - ok
09:26:24.0140 0260 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
09:26:24.0140 0260 mohfilt - ok
09:26:24.0296 0260 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:26:24.0296 0260 Mouclass - ok
09:26:24.0421 0260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:26:24.0421 0260 mouhid - ok
09:26:24.0578 0260 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:26:24.0578 0260 MountMgr - ok
09:26:24.0906 0260 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:26:24.0906 0260 MpFilter - ok
09:26:25.0109 0260 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
09:26:25.0109 0260 mraid35x - ok
09:26:25.0234 0260 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:26:25.0250 0260 MRxDAV - ok
09:26:25.0406 0260 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:26:25.0421 0260 MRxSmb - ok
09:26:25.0531 0260 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
09:26:25.0531 0260 MSDTC - ok
09:26:25.0828 0260 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:26:25.0828 0260 Msfs - ok
09:26:25.0890 0260 MSIServer - ok
09:26:26.0015 0260 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:26:26.0015 0260 MSKSSRV - ok
09:26:26.0203 0260 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security

Client\Antimalware\MsMpEng.exe
09:26:26.0203 0260 MsMpSvc - ok
09:26:26.0359 0260 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:26:26.0359 0260 MSPCLOCK - ok
09:26:26.0515 0260 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:26:26.0515 0260 MSPQM - ok
09:26:26.0765 0260 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:26:26.0765 0260 mssmbios - ok
09:26:26.0921 0260 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:26:26.0921 0260 MSTEE - ok
09:26:27.0093 0260 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:26:27.0093 0260 Mup - ok
09:26:27.0250 0260 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:26:27.0250 0260 NABTSFEC - ok
09:26:27.0359 0260 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:26:27.0359 0260 napagent - ok
09:26:27.0515 0260 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:26:27.0531 0260 NDIS - ok
09:26:27.0828 0260 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:26:27.0828 0260 NdisIP - ok
09:26:27.0968 0260 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:26:27.0968 0260 NdisTapi - ok
09:26:28.0203 0260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:26:28.0203 0260 Ndisuio - ok
09:26:28.0343 0260 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:26:28.0343 0260 NdisWan - ok
09:26:28.0484 0260 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:26:28.0484 0260 NDProxy - ok
09:26:28.0640 0260 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
09:26:28.0703 0260 Net Driver HPZ12 - ok
09:26:28.0843 0260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:26:28.0843 0260 NetBIOS - ok
09:26:28.0953 0260 NetBT (9ccfb743fc708c5f059a09ed66c34bd6) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:26:28.0953 0260 NetBT - ok
09:26:29.0125 0260 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:26:29.0125 0260 NetDDE - ok
09:26:29.0140 0260 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:26:29.0140 0260 NetDDEdsdm - ok
09:26:29.0265 0260 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:26:29.0265 0260 Netlogon - ok
09:26:29.0375 0260 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:26:29.0390 0260 Netman - ok
09:26:29.0562 0260 NetSvc (737351f39fef765234037770abdd72bd) C:\Program Files\Intel\NCS\Sync\NetSvc.exe
09:26:29.0562 0260 NetSvc - ok
09:26:29.0890 0260 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\SMSvcHost.exe
09:26:29.0890 0260 NetTcpPortSharing - ok
09:26:30.0046 0260 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:26:30.0046 0260 Nla - ok
09:26:30.0203 0260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:26:30.0203 0260 Npfs - ok
09:26:30.0359 0260 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:26:30.0375 0260 Ntfs - ok
09:26:30.0484 0260 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:26:30.0500 0260 NtLmSsp - ok
09:26:30.0750 0260 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:26:30.0765 0260 NtmsSvc - ok
09:26:30.0906 0260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:26:30.0906 0260 Null - ok
09:26:31.0093 0260 nv (66c90afbf0d10a93789f6544be459e72) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:26:31.0125 0260 nv - ok
09:26:31.0218 0260 NVSvc (557015b4919c4a688771221c1338eed0) C:\WINDOWS\System32\nvsvc32.exe
09:26:31.0218 0260 NVSvc - ok
09:26:31.0359 0260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:26:31.0359 0260 NwlnkFlt - ok
09:26:31.0515 0260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:26:31.0515 0260 NwlnkFwd - ok
09:26:31.0734 0260 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
09:26:31.0734 0260 omci - ok
09:26:31.0859 0260 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:26:31.0859 0260 ose - ok
09:26:31.0921 0260 owstimer - ok
09:26:32.0000 0260 p2pgasvc (937a02981f11b2ce96b1d493c95aed2b) C:\WINDOWS\system32\p2pgasvc.dll
09:26:32.0000 0260 p2pgasvc - ok
09:26:32.0125 0260 p2pimsvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
09:26:32.0140 0260 p2pimsvc - ok
09:26:32.0156 0260 p2psvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
09:26:32.0156 0260 p2psvc - ok
09:26:32.0296 0260 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
09:26:32.0296 0260 P3 - ok
09:26:32.0406 0260 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:26:32.0421 0260 Parport - ok
09:26:32.0515 0260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:26:32.0515 0260 PartMgr - ok
09:26:32.0765 0260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:26:32.0781 0260 ParVdm - ok
09:26:32.0812 0260 pavatscheduler - ok
09:26:32.0859 0260 pchost - ok
09:26:32.0937 0260 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:26:32.0937 0260 PCI - ok
09:26:33.0046 0260 PCIDump - ok
09:26:33.0140 0260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:26:33.0140 0260 PCIIde - ok
09:26:33.0281 0260 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:26:33.0281 0260 Pcmcia - ok
09:26:33.0453 0260 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
09:26:33.0468 0260 pcouffin - ok
09:26:33.0578 0260 PDCOMP - ok
09:26:33.0750 0260 PDFRAME - ok
09:26:33.0828 0260 PDRELI - ok
09:26:33.0906 0260 PDRFRAME - ok
09:26:34.0015 0260 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
09:26:34.0015 0260 perc2 - ok
09:26:34.0125 0260 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
09:26:34.0140 0260 perc2hib - ok
09:26:34.0312 0260 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
09:26:34.0312 0260 pfc - ok
09:26:34.0421 0260 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:26:34.0421 0260 PlugPlay - ok
09:26:34.0531 0260 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
09:26:34.0531 0260 Pml Driver HPZ12 - ok
09:26:34.0953 0260 PNRPSvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
09:26:34.0968 0260 PNRPSvc - ok
09:26:35.0062 0260 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:26:35.0078 0260 PolicyAgent - ok
09:26:35.0218 0260 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:26:35.0218 0260 PptpMiniport - ok
09:26:35.0343 0260 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:26:35.0343 0260 Processor - ok
09:26:35.0421 0260 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:26:35.0421 0260 ProtectedStorage - ok
09:26:35.0531 0260 ProtoWall - ok
09:26:36.0031 0260 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:26:36.0046 0260 PSched - ok
09:26:36.0187 0260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:26:36.0187 0260 Ptilink - ok
09:26:36.0296 0260 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:26:36.0296 0260 PxHelp20 - ok
09:26:36.0390 0260 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
09:26:36.0390 0260 ql1080 - ok
09:26:36.0515 0260 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
09:26:36.0515 0260 Ql10wnt - ok
09:26:36.0703 0260 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
09:26:36.0703 0260 ql12160 - ok
09:26:36.0859 0260 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
09:26:36.0859 0260 ql1240 - ok
09:26:37.0015 0260 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
09:26:37.0015 0260 ql1280 - ok
09:26:37.0234 0260 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
09:26:37.0250 0260 RapportCerberus_34302 - ok
09:26:37.0390 0260 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
09:26:37.0390 0260 RapportEI - ok
09:26:37.0656 0260 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
09:26:37.0656 0260 RapportIaso - ok
09:26:37.0812 0260 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\WINDOWS\system32\Drivers\RapportKELL.sys
09:26:37.0812 0260 RapportKELL - ok
09:26:37.0953 0260 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
09:26:37.0968 0260 RapportMgmtService - ok
09:26:38.0125 0260 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
09:26:38.0140 0260 RapportPG - ok
09:26:38.0250 0260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:26:38.0250 0260 RasAcd - ok
09:26:38.0343 0260 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:26:38.0343 0260 RasAuto - ok
09:26:38.0515 0260 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:26:38.0515 0260 Rasl2tp - ok
09:26:38.0640 0260 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:26:38.0656 0260 RasMan - ok
09:26:38.0796 0260 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:26:38.0796 0260 RasPppoe - ok
09:26:38.0906 0260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:26:38.0906 0260 Raspti - ok
09:26:39.0031 0260 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:26:39.0031 0260 Rdbss - ok
09:26:39.0187 0260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:26:39.0187 0260 RDPCDD - ok
09:26:39.0312 0260 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:26:39.0328 0260 rdpdr - ok
09:26:39.0500 0260 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:26:39.0500 0260 RDPWD - ok
09:26:39.0656 0260 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:26:39.0656 0260 RDSessMgr - ok
09:26:39.0812 0260 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:26:39.0812 0260 redbook - ok
09:26:39.0921 0260 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:26:39.0921 0260 RemoteAccess - ok
09:26:40.0062 0260 Rio8Drv (a56fe08ec7473e8580a390bb1081cdd7) C:\WINDOWS\system32\Drivers\Rio8Drv.sys
09:26:40.0062 0260 Rio8Drv - ok
09:26:40.0109 0260 RIOUNIV - ok
09:26:40.0218 0260 RIOXDRV (9845ce9c94b371006de6f7aac49b0f51) C:\WINDOWS\system32\Drivers\RIOXDRV.sys
09:26:40.0218 0260 RIOXDRV - ok
09:26:40.0265 0260 rismxdp - ok
09:26:40.0343 0260 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
09:26:40.0343 0260 RpcLocator - ok
09:26:40.0453 0260 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:26:40.0468 0260 RpcSs - ok
09:26:40.0593 0260 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
09:26:40.0609 0260 RSVP - ok
09:26:40.0671 0260 s616nd5 - ok
09:26:40.0734 0260 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:26:40.0734 0260 SamSs - ok
09:26:40.0828 0260 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:26:40.0828 0260 SASDIFSV - ok
09:26:40.0875 0260 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
09:26:40.0875 0260 SASENUM - ok
09:26:40.0984 0260 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:26:40.0984 0260 SASKUTIL - ok
09:26:41.0093 0260 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:26:41.0093 0260 SCardSvr - ok
09:26:41.0218 0260 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:26:41.0218 0260 Schedule - ok
09:26:41.0296 0260 se26nd5 - ok
09:26:41.0421 0260 se45bus (531ebc57db331c8500c042d9f8a6aef2) C:\WINDOWS\system32\DRIVERS\se45bus.sys
09:26:41.0421 0260 se45bus - ok
09:26:41.0593 0260 se45mdfl (148e7e813681d3a0a05f09826080cc2b) C:\WINDOWS\system32\DRIVERS\se45mdfl.sys
09:26:41.0609 0260 se45mdfl - ok
09:26:41.0781 0260 se45mdm (b4ce022564d0d3fd7b0e5459aa12aa72) C:\WINDOWS\system32\DRIVERS\se45mdm.sys
09:26:41.0781 0260 se45mdm - ok
09:26:41.0953 0260 se45mgmt (6d04ea9c049ebd78d64ade447de3f7eb) C:\WINDOWS\system32\DRIVERS\se45mgmt.sys
09:26:41.0953 0260 se45mgmt - ok
09:26:42.0125 0260 se45nd5 (fdc74beaa13a801fac574bc7af1450c4) C:\WINDOWS\system32\DRIVERS\se45nd5.sys
09:26:42.0125 0260 se45nd5 - ok
09:26:42.0296 0260 se45obex (5e003693822460d37516d9a262de9e11) C:\WINDOWS\system32\DRIVERS\se45obex.sys
09:26:42.0296 0260 se45obex - ok
09:26:42.0453 0260 se45unic (fc7021adb632200da591a55a35a78acc) C:\WINDOWS\system32\DRIVERS\se45unic.sys
09:26:42.0453 0260 se45unic - ok
09:26:42.0640 0260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:26:42.0640 0260 Secdrv - ok
09:26:42.0734 0260 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:26:42.0750 0260 seclogon - ok
09:26:42.0843 0260 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:26:42.0843 0260 SENS - ok
09:26:43.0000 0260 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:26:43.0000 0260 serenum - ok
09:26:43.0109 0260 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:26:43.0109 0260 Serial - ok
09:26:43.0250 0260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:26:43.0250 0260 Sfloppy - ok
09:26:43.0406 0260 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:26:43.0406 0260 SharedAccess - ok
09:26:43.0531 0260 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:26:43.0531 0260 ShellHWDetection - ok
09:26:43.0687 0260 Simbad - ok
09:26:43.0765 0260 SimpTcp (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\System32\tcpsvcs.exe
09:26:43.0765 0260 SimpTcp - ok
09:26:43.0828 0260 SirefefRemover - ok
09:26:43.0984 0260 SIS162u (7bfc3aa52a3aee5695cfda5c32a84db5) C:\WINDOWS\system32\DRIVERS\sis162u.sys
09:26:43.0984 0260 SIS162u - ok
09:26:44.0156 0260 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
09:26:44.0156 0260 sisagp - ok
09:26:44.0203 0260 slimsvc - ok
09:26:44.0312 0260 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:26:44.0312 0260 SLIP - ok
09:26:44.0453 0260 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
09:26:44.0468 0260 smwdm - ok
09:26:44.0750 0260 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
09:26:44.0750 0260 Sparrow - ok
09:26:44.0890 0260 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:26:44.0890 0260 splitter - ok
09:26:44.0968 0260 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:26:44.0968 0260 Spooler - ok
09:26:45.0125 0260 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
09:26:45.0125 0260 sr - ok
09:26:45.0203 0260 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
09:26:45.0203 0260 srservice - ok
09:26:45.0359 0260 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:26:45.0375 0260 Srv - ok
09:26:45.0437 0260 sr_service - ok
09:26:45.0500 0260 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:26:45.0515 0260 SSDPSRV - ok
09:26:45.0625 0260 ssmdrv - ok
09:26:45.0781 0260 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:26:45.0796 0260 stisvc - ok
09:26:45.0953 0260 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:26:45.0953 0260 streamip - ok
09:26:46.0125 0260 STV680 (1c38bfdf92332b488244bf8e2a3f6779) C:\WINDOWS\system32\drivers\STV680.sys
09:26:46.0125 0260 STV680 - ok
09:26:46.0265 0260 STV680m (84bc7e28d97be426b301879233f71de6) C:\WINDOWS\system32\drivers\STV680m.sys
09:26:46.0265 0260 STV680m - ok
09:26:46.0421 0260 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:26:46.0421 0260 swenum - ok
09:26:46.0546 0260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:26:46.0546 0260 swmidi - ok
09:26:46.0703 0260 SwPrv - ok
09:26:46.0734 0260 symantecantibotdriver - ok
09:26:46.0812 0260 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
09:26:46.0812 0260 symc810 - ok
09:26:46.0937 0260 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
09:26:46.0937 0260 symc8xx - ok
09:26:47.0062 0260 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
09:26:47.0062 0260 sym_hi - ok
09:26:47.0203 0260 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
09:26:47.0218 0260 sym_u3 - ok
09:26:47.0343 0260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:26:47.0343 0260 sysaudio - ok
09:26:47.0453 0260 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:26:47.0468 0260 SysmonLog - ok
09:26:47.0593 0260 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:26:47.0609 0260 TapiSrv - ok
09:26:47.0828 0260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:26:47.0828 0260 Tcpip - ok
09:26:47.0984 0260 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
09:26:48.0000 0260 Tcpip6 - ok
09:26:48.0375 0260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:26:48.0375 0260 TDPIPE - ok
09:26:48.0546 0260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:26:48.0546 0260 TDTCP - ok
09:26:48.0718 0260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:26:48.0718 0260 TermDD - ok
09:26:48.0843 0260 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:26:48.0843 0260 TermService - ok
09:26:48.0968 0260 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:26:48.0968 0260 Themes - ok
09:26:49.0109 0260 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
09:26:49.0125 0260 TosIde - ok
09:26:49.0250 0260 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:26:49.0265 0260 TrkWks - ok
09:26:49.0343 0260 tsircsrv - ok
09:26:49.0437 0260 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
09:26:49.0437 0260 tunmp - ok
09:26:49.0609 0260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:26:49.0609 0260 Udfs - ok
09:26:49.0765 0260 Uim_IM - ok
09:26:49.0796 0260 ulcdrhlp - ok
09:26:49.0875 0260 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
09:26:49.0890 0260 ultra - ok
09:26:50.0062 0260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:26:50.0078 0260 Update - ok
09:26:50.0203 0260 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:26:50.0203 0260 upnphost - ok
09:26:50.0328 0260 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:26:50.0328 0260 UPS - ok
09:26:50.0484 0260 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:26:50.0500 0260 usbaudio - ok
09:26:50.0656 0260 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:26:50.0687 0260 usbccgp - ok
09:26:50.0875 0260 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:26:50.0875 0260 usbehci - ok
09:26:51.0000 0260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:26:51.0000 0260 usbhub - ok
09:26:51.0125 0260 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:26:51.0125 0260 usbprint - ok
09:26:51.0234 0260 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:26:51.0250 0260 usbscan - ok
09:26:51.0390 0260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:26:51.0406 0260 USBSTOR - ok
09:26:51.0515 0260 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:26:51.0515 0260 usbuhci - ok
09:26:51.0687 0260 usbvideo - ok
09:26:51.0812 0260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:26:51.0812 0260 VgaSave - ok
09:26:51.0953 0260 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
09:26:51.0953 0260 viaagp - ok
09:26:52.0078 0260 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
09:26:52.0078 0260 ViaIde - ok
09:26:52.0234 0260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:26:52.0234 0260 VolSnap - ok
09:26:52.0359 0260 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:26:52.0359 0260 VSS - ok
09:26:52.0515 0260 VtcDrv (0c91d65b29edd38f5e14a4dfe9cdf846) C:\WINDOWS\system32\Drivers\vtcdrv.sys
09:26:52.0531 0260 VtcDrv - ok
09:26:52.0687 0260 vvdsvc - ok
09:26:52.0781 0260 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:26:52.0781 0260 w32time - ok
09:26:52.0921 0260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:26:52.0921 0260 Wanarp - ok
09:26:53.0000 0260 wanatw - ok
09:26:53.0125 0260 WAVEFNDR (f6e0ef02c984dcf7effb166e5226b999) C:\WINDOWS\system32\Drivers\WAVEFNDR.sys
09:26:53.0125 0260 WAVEFNDR - ok
09:26:53.0281 0260 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
09:26:53.0281 0260 wceusbsh - ok
09:26:53.0468 0260 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:26:53.0484 0260 Wdf01000 - ok
09:26:53.0687 0260 WDICA - ok
09:26:53.0796 0260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:26:53.0796 0260 wdmaud - ok
09:26:53.0890 0260 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:26:53.0890 0260 WebClient - ok
09:26:54.0046 0260 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:26:54.0046 0260 winmgmt - ok
09:26:54.0125 0260 winpower - ok
09:26:54.0234 0260 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
09:26:54.0234 0260 WmdmPmSN - ok
09:26:54.0296 0260 WmiAcpi - ok
09:26:54.0406 0260 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:26:54.0406 0260 WmiApSrv - ok
09:26:54.0593 0260 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:26:54.0625 0260 WMPNetworkSvc - ok
09:26:54.0765 0260 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:26:54.0765 0260 WpdUsb - ok
09:26:54.0828 0260 WPN111 - ok
09:26:54.0937 0260 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:26:54.0937 0260 WS2IFSL - ok
09:26:55.0046 0260 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:26:55.0046 0260 WSTCODEC - ok
09:26:55.0187 0260 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:26:55.0203 0260 wuauserv - ok
09:26:55.0375 0260 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:26:55.0375 0260 WudfPf - ok
09:26:55.0484 0260 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:26:55.0484 0260 WudfRd - ok
09:26:55.0609 0260 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:26:55.0625 0260 WudfSvc - ok
09:26:55.0750 0260 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:26:55.0750 0260 WZCSVC - ok
09:26:55.0812 0260 XDva004 - ok
09:26:55.0890 0260 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:26:55.0921 0260 xmlprov - ok
09:26:56.0015 0260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:26:56.0359 0260 \Device\Harddisk0\DR0 - ok
09:26:56.0375 0260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:26:56.0453 0260 \Device\Harddisk1\DR1 - ok
09:26:56.0468 0260 MBR (0x1B8) (ad805d4e4b7dc214803daaf28211a06d) \Device\Harddisk2\DR2
09:26:56.0562 0260 \Device\Harddisk2\DR2 - ok
09:26:56.0953 0260 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk3\DR7
09:26:57.0578 0260 \Device\Harddisk3\DR7 - ok
09:26:57.0609 0260 Boot (0x1200) (643ff3877da4803d68186b80ce6f9110) \Device\Harddisk0\DR0\Partition0
09:26:57.0609 0260 \Device\Harddisk0\DR0\Partition0 - ok
09:26:57.0609 0260 Boot (0x1200) (f8b9ac24bdaafda0584eb0a3aa01ee43) \Device\Harddisk1\DR1\Partition0
09:26:57.0625 0260 \Device\Harddisk1\DR1\Partition0 - ok
09:26:57.0625 0260 Boot (0x1200) (2388e87dd0f6713833ef714493f8eca2) \Device\Harddisk2\DR2\Partition0
09:26:57.0625 0260 \Device\Harddisk2\DR2\Partition0 - ok
09:26:57.0640 0260 Boot (0x1200) (318c38e62d1f93236e77edbc862abf06) \Device\Harddisk3\DR7\Partition0
09:26:57.0640 0260 \Device\Harddisk3\DR7\Partition0 - ok
09:26:57.0640 0260 ============================================================
09:26:57.0640 0260 Scan finished
09:26:57.0640 0260 ============================================================
09:26:57.0656 1744 Detected object count: 0
09:26:57.0656 1744 Actual detected object count: 0


GMER REPORT

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 18:00:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 IC35L090AVV207-0 rev.V23OA66A
Running: 0d8puecz.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xECDDD086]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xECDDDBE4]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThread [0xED0935E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xECDDDDDC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xECDE15B2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xECDE15E4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xECDE1746]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xECDDDCFC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xECDDD1FC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xECDDD3F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xECDDD522]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xECDE16BC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xECDE1626]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xECDE1658]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xECDE168A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xECDDD02C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xECDDDE82]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xECDE154A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xECDDCFC6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xECDDCEEE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xECDDCF36]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF67B3340, 0xFD9DF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x2342C0, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1176] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414DA0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A60001
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1176] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A00022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1176] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71A90022
.text C:\WINDOWS\System32\ping.exe[1188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2000A
.text C:\WINDOWS\System32\ping.exe[1188] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A3000A
.text C:\WINDOWS\System32\ping.exe[1188] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[1188] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00AA000A
.text C:\WINDOWS\System32\ping.exe[1188] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\ping.exe[1188] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00AC000A
.text C:\WINDOWS\System32\ping.exe[1188] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[1364] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2000A
.text C:\WINDOWS\System32\ping.exe[1364] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A3000A
.text C:\WINDOWS\System32\ping.exe[1364] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[1364] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00AA000A
.text C:\WINDOWS\System32\ping.exe[1364] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\ping.exe[1364] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00AC000A
.text C:\WINDOWS\System32\ping.exe[1364] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00A8000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00444990 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] kernel32.dll!CreateRemoteThread + 174 7C810640 4 Bytes JMP 719B0000
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 719E0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3872] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71A20022

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) ECFC9000-ECFE3000 (106496 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 1188
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 1364

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost@netsvcs 6to4?AppMgmt?AudioSrv?Browser?CryptSvc?DMServer?DHCP?ERSvc?EventSystem?FastUserSwitchingCompatibility?HidServ?Ias?Iprip?Irmon?LanmanServer?LanmanWorkstation?Messenger?Netman?Nla?Ntmssvc?NWCWorkstation?Nwsapagent?Rasauto?Rasman?acprfmgrsvc?evteng?Uim_IM?hcwPVRP2?DMICall?autostore?elnkupdateservice?avgtdi?pchost?acedrv07?owstimer?rismxdp?HabuFltr?winpower?ulcdrhlp?slimsvc?s616nd5?LMIRfsClientNP?lvusbsta?RIOUNIV?XDva004?tsircsrv?lvckap?cpucoolserver?pavatscheduler?symantecantibotdriver?ltck000c?vvdsvc?awhost32?ifp800?ssmdrv?bcoreusb?se26nd5?sr_service?WmiAcpi?k750mdfl?l8042pr2?usbvideo?emAudio?CA561?Remoteaccess?Schedule?Seclogon?SENS?Sharedaccess?SRService?Tapisrv?Themes?TrkWks?W32Time?WZCSVC?Wmi?WmdmPmSp?winmgmt?TermService?wuauserv?BITS?ShellHWDetection?helpsvc?xmlprov?wscsvc?WmdmPmSN?napagent?hkmsvc?

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB25566$\2996136847

0 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048

0 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\@

2048 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\cfg.ini

323 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\L 0 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\L\asobptkf 162816 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\oemid 172 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U 0 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\version 866 bytes
File C:\Documents and Settings\David\Local Settings\Application Data\Trusteer\Rapport\user\store\user\rapport_var_1.cfg.data 2096 bytes
File C:\Documents and Settings\NetworkService\Cookies\61LUS1BS.txt 622 bytes
File C:\Documents and Settings\NetworkService\Cookies\760P169E.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\QV450JIY.txt 2868 bytes
File C:\Documents and Settings\NetworkService\Cookies\N4T4R5C8.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\966DGAPV.txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\glamadapt_psrv[3].act 1356 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\st[10] 4190 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\imp[10] 1505 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\ajsCAWN4ZYM.php 1876 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\scarlett-johansson-radiant-smile[1].jpg 8612 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\reese-witherspoon-beautiful-smile_0[1].jpg 7924 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\sofia-vergara-gorgeous-smile[1].jpg 6669 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\statstracker[3].txt 39 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\statstracker[7].txt 39 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\stCA18KCKP 4237 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\stCA47M1HR 4190 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\katy-perry-profile[1].jpg 7130 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0NUSEXOT\lg[9].gif 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3OZNK1X\ajs[10] 8253 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3OZNK1X\stCADHCGCC 422 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3OZNK1X\checkOAuth[2].esi 22 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3OZNK1X\tag[2].jsp 769 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3OZNK1X\katy-perry-dressin-up[1].jpg 22010 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3OZNK1X\katy-perry-part-of-me-trailer[1].jpg 33129 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3OZNK1X\stCATQJC1M 4237 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TKAJGPOR\defaultCA0GQBEV.jpg 3625 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TKAJGPOR\defaultCA766R54.jpg 4727 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TKAJGPOR\madonnas-girl-gone-wild-video-watch-now-596641[1].txt 0 bytes

---- EOF - GMER 1.0.15 ----

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 18:20:36
-----------------------------
18:20:36.125 OS Version: Windows 5.1.2600 Service Pack 3
18:20:36.125 Number of processors: 1 586 0x209
18:20:36.125 ComputerName: DARWIN UserName: David
18:20:39.015 Initialize success
18:21:25.234 AVAST engine defs: 12040901
18:28:31.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
18:28:31.640 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
18:28:31.656 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
18:28:31.656 Disk 1 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
18:28:31.656 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20
18:28:31.656 Disk 2 Vendor: WDC_WD800BB-00CAA1 17.07W17 Size: 76319MB BusType: 3
18:28:31.734 Disk 0 MBR read successfully
18:28:31.734 Disk 0 MBR scan
18:28:31.828 Disk 0 Windows XP default MBR code
18:28:31.859 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
18:28:31.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76238 MB offset 96390
18:28:31.921 Disk 0 scanning sectors +156232125
18:28:32.250 Disk 0 scanning C:\WINDOWS\system32\drivers
18:29:11.640 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Rootkit-gen [Rtk]
18:29:41.500 Disk 0 trace - called modules:
18:29:41.531 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86e72fd0]<<
18:29:41.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873a4ab8]
18:29:41.531 3 CLASSPNP.SYS[f74e1fd7] -> nt!IofCallDriver -> [0x872ddd90]
18:29:41.531 \Driver\00001443[0x86ea13b8] -> IRP_MJ_CREATE -> 0x86e72fd0
18:29:42.531 AVAST engine scan C:\WINDOWS
18:30:45.625 AVAST engine scan C:\WINDOWS\system32
18:35:24.187 File: C:\WINDOWS\system32\mnsframework.dll **INFECTED** Win32:Sirefef-SM [Trj]
18:38:15.625 AVAST engine scan C:\WINDOWS\system32\drivers
18:38:34.328 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Rootkit-gen [Rtk]
18:38:52.421 AVAST engine scan C:\Documents and Settings\David
19:05:05.828 AVAST engine scan C:\Documents and Settings\All Users
19:09:08.718 Scan finished successfully
19:14:44.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David\Desktop\MBR.dat"
19:14:44.906 The log file has been saved successfully to "C:\Documents and Settings\David\Desktop\aswMBR.txt"
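Added example, not part of the thread and not code from the GMER or aswMBR authors: a small Python triage script that parses the two log formats posted above. It groups GMER "File ... bytes" entries under their $NtUninstall...$ root and flags any root that holds the U folder of eight-hex-digit ".@" files seen in the log, and it pulls the **INFECTED** lines and the IRP_MJ_CREATE hook whose target aswMBR printed as >>UNKNOWN<< out of the aswMBR trace. The sample input is copied from the logs above except for the KB999999 line, which is constructed as a benign control that must not be flagged.

```python
r"""Triage of the GMER 'Files' list and the aswMBR trace posted above.

Added example, not code from the thread or from the GMER/aswMBR authors.
(1) Group GMER 'File ... bytes' entries by their $NtUninstall...$\<id> root
    and flag roots that contain U\<8 hex digits>.@ files (the layout above).
(2) Pull the **INFECTED** lines and the driver-stack hook whose target is a
    module aswMBR printed as >>UNKNOWN<< out of the aswMBR log.
"""
import re
from collections import defaultdict

# Sample input: lines 1-9 are copied from the GMER log above; the KB999999
# line is constructed as a benign control (a normal hotfix uninstall folder).
GMER_SAMPLE = r"""
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\L 0 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\L\asobptkf 162816 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\oemid 172 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U 0 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB25566$\3402017048\version 866 bytes
File C:\Documents and Settings\NetworkService\Cookies\61LUS1BS.txt 622 bytes
File C:\WINDOWS\$NtUninstallKB999999$\spuninst\spuninst.exe 218624 bytes
"""

# Sample input copied from the aswMBR log above (netbt.sys is reported twice).
ASWMBR_SAMPLE = r"""
18:29:11.640 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Rootkit-gen [Rtk]
18:29:41.500 Disk 0 trace - called modules:
18:29:41.531 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86e72fd0]<<
18:29:41.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873a4ab8]
18:29:41.531 3 CLASSPNP.SYS[f74e1fd7] -> nt!IofCallDriver -> [0x872ddd90]
18:29:41.531 \Driver\00001443[0x86ea13b8] -> IRP_MJ_CREATE -> 0x86e72fd0
18:35:24.187 File: C:\WINDOWS\system32\mnsframework.dll **INFECTED** Win32:Sirefef-SM [Trj]
18:38:34.328 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Rootkit-gen [Rtk]
"""

FILE_LINE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")
STORE_ROOT = re.compile(r"^(?P<root>[A-Za-z]:\\WINDOWS\\\$NtUninstall[^\\]+\$\\[^\\]+)\\", re.I)
PAYLOAD = re.compile(r"^U\\[0-9A-F]{8}\.@$", re.I)

TS = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")
INFECTED = re.compile(r"^File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<sig>.+)$")
UNKNOWN = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
HOOK = re.compile(r"^(?P<drv>\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-fA-F]+)$")


def parse_gmer_files(text):
    """Return [(path, size)] for every 'File <path> <n> bytes' line."""
    out = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            out.append((m["path"], int(m["size"])))
    return out


def find_sirefef_stores(entries):
    """Map each $NtUninstall...$\<id> root holding U\XXXXXXXX.@ files to a summary."""
    by_root = defaultdict(list)
    for path, size in entries:
        m = STORE_ROOT.match(path)
        if m:
            by_root[m["root"]].append((path[len(m["root"]) + 1:], size))
    hits = {}
    for root, rel in by_root.items():
        payloads = sorted(p for p, _ in rel if PAYLOAD.match(p))
        if payloads:  # a real hotfix backup folder has no U\<hex>.@ files
            hits[root] = {
                "payloads": payloads,
                "has_L_dir": any(p.upper() == "L" or p.upper().startswith("L\\") for p, _ in rel),
                "total_bytes": sum(s for _, s in rel),
            }
    return hits


def parse_aswmbr(text):
    """Collect infected files (deduplicated), UNKNOWN module addresses and IRP hooks."""
    infected, unknown, hooks = {}, set(), []
    for raw in text.splitlines():
        line = TS.sub("", raw.strip())
        if (m := INFECTED.match(line)):
            infected[m["path"]] = m["sig"]
        elif (m := UNKNOWN.search(line)):
            unknown.add(m["addr"].lower())
        elif (m := HOOK.match(line)):
            hooks.append((m["drv"], m["irp"], m["target"].lower()))
    return {"infected": infected, "unknown": unknown, "hooks": hooks}


def hooked_by_unknown(report):
    """Hooks whose handler lives in a module aswMBR could not attribute to a driver."""
    return [h for h in report["hooks"] if h[2] in report["unknown"]]


if __name__ == "__main__":
    for root, info in find_sirefef_stores(parse_gmer_files(GMER_SAMPLE)).items():
        print(f"[GMER] Sirefef-style store {root}: {len(info['payloads'])} .@ payloads, "
              f"L dir present={info['has_L_dir']}, {info['total_bytes']} bytes")
    rep = parse_aswmbr(ASWMBR_SAMPLE)
    for path, sig in rep["infected"].items():
        print(f"[aswMBR] {sig}: {path}")
    for drv, irp, target in hooked_by_unknown(rep):
        print(f"[aswMBR] {drv} {irp} handled at {target} (unnamed module in the disk stack)")
```

Feed it the full GMER and aswMBR text files instead of the embedded samples to triage a real case; the `$NtUninstall...$` grouping and the correlation of the hook target with the `>>UNKNOWN<<` address are the two checks worth keeping, since both come straight from what the tools print.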

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 April 2012 - 04:02 AM

TDSSKiller doesn't detect the rootkit in this case

We need advanced tools

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
