1,105,334 Community Members

Hijackthis analysis assistance required

Member Avatar
APSoares
Junior Poster in Training
57 posts since Jun 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hi there, I've recently received notification about a virus in my laptop; ran the "highjackthis" report and would like to check if someone can assist me with the analysis of the report to make sure everything is ok:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:10:52, on 09/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2873882369-1758865406-1688001053-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Paul')
O4 - HKUS\S-1-5-21-2873882369-1758865406-1688001053-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Paul')
O4 - HKUS\S-1-5-21-2873882369-1758865406-1688001053-1006\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Paul')
O4 - S-1-5-21-2873882369-1758865406-1688001053-1006 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Paul')
O4 - S-1-5-21-2873882369-1758865406-1688001053-1006 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Paul')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: ACPService - Unknown owner - C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 14609 bytes

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

HiJackThis is rarely used today, please follow the instructions given in our Read Me First sticky and post back here with copy/pastes of the logs produced.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Member Avatar
APSoares
Junior Poster in Training
57 posts since Jun 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

hi Jholland, I'm currently running the files. However, for the instruction point "6. If you are able, RUN ATF-Cleaner.exe." - I've downloaded what it was in the link "ATF-Cleaner.exe by Atribune" and it came up as "PC cleaner". Lots of items have been list and I would have to subscribe to have them fixed. I could not find anything related to the instructions provided though (ie: Where it says Select Files To Delete, Check the Select All Option / Click Empty Selected > OK); so I did not progress with this.I'm not sure it what has been downloaded in the laptop is correct.
I will hopefully be able to post the other files here tomorrow. Thank you.

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Have absolutely no idea what it was you actually got when you were supposed to download the ATF Cleaner but that is not what you downloaded. When you got to the Majorgeeks download page what you should have seen was what shows in my print screen, then you should have chosen one of the 3 download links shown, 2 from Majorgeeks and one from Internode which is only for Australian users.Once you click one of those you receive the executable file to save to the computer.
Then you double click that file to install and it definitely IS called the ATF-Cleaner, not PC Cleaner

Attachments ATF_Download_Page.jpg 42.16KB
Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

You need to give the file a little time to show on the monitor. A lot of people get caught out with that and end up downloading software that majorgeeks is advertising, rather than the one they want.

Member Avatar
APSoares
Junior Poster in Training
57 posts since Jun 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I've managed to donwload ATF cleaner and ran before running DDS Scanlogs. Does it affect anything? should I restart from the beginning and run everything again in that specific recommended order? If not, I've attached the requested logs below.

You may also need to know that I'm using VPN sometimes.


• MalwareBytes’ Anti-Malware log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Antonio :: APSOARES [limited]

Protection: Enabled

12/02/2012 19:26:57
mbam-log-2012-02-12 (19-26-57).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293363
Time elapsed: 1 hour(s), 38 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

• GMER One.log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-12 14:23:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: b9n8h1e6.exe; Driver: C:\DOCUME~1\Antonio\LOCALS~1\Temp\uflyrpog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

and GMER Two.log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-12 18:31:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: b9n8h1e6.exe; Driver: C:\DOCUME~1\Antonio\LOCALS~1\Temp\uflyrpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xAA03E080]
SSDT F7DBD9B4 ZwClose
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xAA03EBDE]
SSDT F7DBD96E ZwCreateKey
SSDT F7DBD9BE ZwCreateSection
SSDT F7DBD964 ZwCreateThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xAA03EDD6]
SSDT F7DBD973 ZwDeleteKey
SSDT F7DBD97D ZwDeleteValueKey
SSDT F7DBD9AF ZwDuplicateObject
SSDT F7DBD982 ZwLoadKey
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xAA03ECF6]
SSDT F7DBD950 ZwOpenProcess
SSDT F7DBD955 ZwOpenThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xAA03E51C]
SSDT F7DBD9D7 ZwQueryValueKey
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xAA042620]
SSDT F7DBD98C ZwReplaceKey
SSDT F7DBD9C8 ZwRequestWaitReplyPort
SSDT F7DBD987 ZwRestoreKey
SSDT F7DBD9C3 ZwSetContextThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xAA03EE7C]
SSDT F7DBD9CD ZwSetSecurityObject
SSDT F7DBD978 ZwSetValueKey
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xAA03DFC0]
SSDT F7DBD9D2 ZwSystemDebugControl
SSDT F7DBD95F ZwTerminateProcess
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xAA03DF30]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

• BOTH DDS ScanLogs (DDS.txt & Attach.txt)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Antonio at 12:58:17 on 2012-02-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.296 [GMT 0:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1329103900&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb&cbcxt=mai&snsc=1
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: PC-Helpsoft Toolbar: {256db8bc-7da7-4248-97cd-44e07216b7f1} - c:\program files\pc-helpsoft\prxtbPC-H.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC-Helpsoft Toolbar: {256db8bc-7da7-4248-97cd-44e07216b7f1} - c:\program files\pc-helpsoft\prxtbPC-H.dll
BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\program files\scpad\scpsssh2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files\gbplugin\gbieh.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC-Helpsoft Toolbar: {256db8bc-7da7-4248-97cd-44e07216b7f1} - c:\program files\pc-helpsoft\prxtbPC-H.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Cleaner] c:\program files\pc cleaner\PCCLauncher.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\antonio\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{CA5507D2-317F-4A97-BBAF-EE4B89A62CBF} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll
Notify: igfxcui - igfxdev.dll
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\program files\scpad\scpLIB.dll
STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\program files\scpad\scpLIB.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files\gbplugin\gbieh.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\antonio\application data\mozilla\firefox\profiles\xdbv2m1f.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2011-6-30 45896]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-18 36000]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112]
R2 ACPService;ACPService;c:\program files\philips\camsuite\2.0.15.0\ACPService.exe [2010-8-26 687104]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-18 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-18 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-18 74640]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-4-2 4300]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-8-12 54760]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2011-6-30 204872]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-14 652360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-12-31 9216]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-4-3 72832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 20464]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2012-1-9 42192]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-7-19 21520]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-4-2 238464]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-17 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-17 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-23 7680]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2012-1-9 42192]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2009-9-23 110080]
.
=============== Created Last 30 ================
.
2012-02-12 13:21:42 -------- d-----w- c:\program files\Conduit
2012-02-12 13:21:33 -------- d-----w- c:\documents and settings\antonio\local settings\application data\PC-Helpsoft
2012-02-12 13:21:28 -------- d-----w- c:\documents and settings\antonio\local settings\application data\Conduit
2012-02-12 13:21:20 -------- d-----w- c:\program files\PC-Helpsoft
2012-02-09 20:03:40 388096 ----a-r- c:\documents and settings\antonio\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-09 20:03:38 -------- d-----w- c:\program files\Trend Micro
2012-01-25 10:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-20 18:51:55 -------- d-----w- c:\documents and settings\antonio\application data\OpenCandy
2012-01-20 18:47:16 -------- d-----w- c:\documents and settings\antonio\local settings\application data\AskToolbar
2012-01-20 18:46:45 -------- d-----w- c:\documents and settings\antonio\local settings\application data\APN
2012-01-20 18:45:59 -------- d-----w- c:\program files\DsNET Corp
.
==================== Find3M ====================
.
2012-01-09 19:11:05 42192 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2011-12-21 16:32:06 45896 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2011-12-20 17:23:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86FA6AB8]
3 CLASSPNP[0xF780BFD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000075[0x86FC6838]
5 ACPI[0xF7782620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86F1E940]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x100; CLD ; REP MOVSW ; JMP FAR 0x60:0x1b; }
user != kernel MBR !!!
.
============= FINISH: 13:00:02.82 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 30/07/2009 11:53:39
System Uptime: 13/02/2012 12:51:04 (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NC10/N110
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1596/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 46.951 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 71.885 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP123: 22/11/2011 13:44:19 - System Checkpoint
RP124: 24/11/2011 15:49:12 - System Checkpoint
RP125: 29/11/2011 14:01:13 - System Checkpoint
RP126: 15/12/2011 20:41:30 - Software Distribution Service 3.0
RP127: 16/12/2011 20:34:12 - Software Distribution Service 3.0
RP128: 18/12/2011 08:52:44 - Software Distribution Service 3.0
RP129: 18/12/2011 08:58:27 - Software Distribution Service 3.0
RP130: 06/01/2012 07:17:19 - Installed Rapport
RP131: 13/01/2012 15:50:56 - Software Distribution Service 3.0
RP132: 17/01/2012 18:27:36 - Installed Rapport
RP133: 28/01/2012 14:50:00 - Software Distribution Service 3.0
RP134: 31/01/2012 13:48:29 - Installed Rapport
RP135: 09/02/2012 20:03:35 - Installed HiJackThis
RP136: 12/02/2012 17:32:21 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros WLAN Client
aTube Catcher
aTube Toolbar Updater
Avira Free Antivirus
Bonjour
CopyTrans Suite Remove Only
Easy Display Manager
Easy Network Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
imagine digital freedom - Samsung
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 7
Junk Mail filter update
Magic Keyboard
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 7.0 (x86 en-GB)
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Namuga 1.3M Webcam
OpenOffice.org 3.0
OpenVPN 2.1_rc20
PC-Helpsoft Toolbar
Philips CamSuite
Play Camera
Protected Copy
Rapport
Realtek High Definition Audio Driver
Samsung Battery Manager
Samsung EDS
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Samsung Wallpaper
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Click to Call
Skype™ 5.5
SweetIM for Messenger 3.6
SweetIM Toolbar for Internet Explorer 4.2
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
Vodafone Mobile Broadband
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows PowerShell(TM) 1.0
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
12/02/2012 18:31:35, error: AR5416 [5001] - Atheros AR5007EG Wireless Network Adapter : Could not allocate the resources necessary for operation.
10/02/2012 15:16:43, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/02/2012 15:16:39, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
08/02/2012 17:36:05, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0024D2B5A753 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
07/02/2012 18:09:22, error: Service Control Manager [7000] - The Marvell Yukon Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/02/2012 18:09:21, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Marvell Yukon Service service to connect.
07/02/2012 04:39:39, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0024D2B5A753 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
07/02/2012 04:39:21, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
06/02/2012 15:35:31, error: Dhcp [1002] - The IP address lease 10.8.1.78 for the Network Card with network address 00FF225C1255 has been denied by the DHCP server 10.8.1.77 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

I've managed to donwload ATF cleaner and ran before running DDS Scanlogs. Does it affect anything? should I restart from the beginning and run everything again in that specific recommended order?
No worries. Doesn't matter when it was run.

Your log shows a rootkit on the computer, please do the following:

Please download the TDSSKiller following these instructions:
Download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);

Run the TDSSKiller.exe file;

Wait until the scanning and disinfection completes. A reboot might require after the disinfection has been completed.
Post back here with the log.

Member Avatar
APSoares
Junior Poster in Training
57 posts since Jun 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

04:43:37.0421 5372 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
04:43:38.0640 5372 ============================================================
04:43:38.0640 5372 Current date / time: 2012/02/14 04:43:38.0640
04:43:38.0640 5372 SystemInfo:
04:43:38.0640 5372
04:43:38.0640 5372 OS Version: 5.1.2600 ServicePack: 3.0
04:43:38.0640 5372 Product type: Workstation
04:43:38.0640 5372 ComputerName: APSOARES
04:43:38.0640 5372 UserName: Antonio
04:43:38.0640 5372 Windows directory: C:\WINDOWS
04:43:38.0640 5372 System windows directory: C:\WINDOWS
04:43:38.0640 5372 Processor architecture: Intel x86
04:43:38.0640 5372 Number of processors: 2
04:43:38.0640 5372 Page size: 0x1000
04:43:38.0640 5372 Boot type: Normal boot
04:43:38.0640 5372 ============================================================
04:43:48.0281 5372 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
04:43:48.0281 5372 \Device\Harddisk0\DR0:
04:43:48.0281 5372 MBR used
04:43:48.0281 5372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x8E168F0
04:43:48.0281 5372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9A19800, BlocksNum 0x8FFF800
04:43:48.0390 5372 Initialize success
04:43:48.0390 5372 ============================================================
04:44:00.0125 4328 ============================================================
04:44:00.0125 4328 Scan started
04:44:00.0125 4328 Mode: Manual;
04:44:00.0125 4328 ============================================================
04:44:02.0375 4328 Abiosdsk - ok
04:44:02.0421 4328 abp480n5 - ok
04:44:02.0609 4328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:44:02.0625 4328 ACPI - ok
04:44:02.0703 4328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
04:44:02.0718 4328 ACPIEC - ok
04:44:03.0656 4328 adpu160m - ok
04:44:03.0718 4328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
04:44:03.0734 4328 aec - ok
04:44:03.0812 4328 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
04:44:03.0812 4328 AFD - ok
04:44:03.0906 4328 Aha154x - ok
04:44:03.0921 4328 aic78u2 - ok
04:44:03.0953 4328 aic78xx - ok
04:44:04.0000 4328 AliIde - ok
04:44:04.0031 4328 amsint - ok
04:44:04.0187 4328 AR5416 (6eacc829e76b1efdface633619a3db31) C:\WINDOWS\system32\DRIVERS\athw.sys
04:44:04.0265 4328 AR5416 - ok
04:44:04.0343 4328 asc - ok
04:44:04.0359 4328 asc3350p - ok
04:44:04.0375 4328 asc3550 - ok
04:44:04.0468 4328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:44:04.0468 4328 AsyncMac - ok
04:44:04.0515 4328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
04:44:04.0515 4328 atapi - ok
04:44:04.0531 4328 Atdisk - ok
04:44:04.0578 4328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:44:04.0593 4328 Atmarpc - ok
04:44:04.0687 4328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
04:44:04.0703 4328 audstub - ok
04:44:04.0765 4328 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
04:44:04.0781 4328 avgntflt - ok
04:44:04.0828 4328 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
04:44:04.0828 4328 avipbb - ok
04:44:04.0953 4328 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
04:44:04.0953 4328 avkmgr - ok
04:44:05.0000 4328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
04:44:05.0000 4328 Beep - ok
04:44:05.0171 4328 btaudio (b6e16da77eafe84a8c5bc44784feeaea) C:\WINDOWS\system32\drivers\btaudio.sys
04:44:05.0187 4328 btaudio - ok
04:44:05.0312 4328 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
04:44:05.0312 4328 BTDriver - ok
04:44:05.0375 4328 BTKRNL (48aad36baefb7820bfeb986763226905) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
04:44:05.0406 4328 BTKRNL - ok
04:44:05.0515 4328 BTWDNDIS (5629767b576a2fdccf1b518843058978) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
04:44:05.0531 4328 BTWDNDIS - ok
04:44:05.0578 4328 BTWUSB (053dc5be74621b63bb48c2b86bafc7b0) C:\WINDOWS\system32\Drivers\btwusb.sys
04:44:05.0578 4328 BTWUSB - ok
04:44:05.0625 4328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
04:44:05.0625 4328 cbidf2k - ok
04:44:05.0750 4328 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
04:44:05.0750 4328 CCDECODE - ok
04:44:05.0765 4328 cd20xrnt - ok
04:44:05.0812 4328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
04:44:05.0812 4328 Cdaudio - ok
04:44:05.0859 4328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
04:44:05.0875 4328 Cdfs - ok
04:44:05.0953 4328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:44:05.0953 4328 Cdrom - ok
04:44:05.0968 4328 Changer - ok
04:44:06.0046 4328 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
04:44:06.0046 4328 CmBatt - ok
04:44:06.0062 4328 CmdIde - ok
04:44:06.0093 4328 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
04:44:06.0109 4328 Compbatt - ok
04:44:06.0203 4328 Cpqarray - ok
04:44:06.0343 4328 dac2w2k - ok
04:44:06.0453 4328 dac960nt - ok
04:44:07.0125 4328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
04:44:07.0156 4328 Disk - ok
04:44:07.0265 4328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
04:44:07.0312 4328 dmboot - ok
04:44:07.0437 4328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
04:44:07.0453 4328 dmio - ok
04:44:07.0531 4328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
04:44:07.0531 4328 dmload - ok
04:44:07.0640 4328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
04:44:07.0640 4328 DMusic - ok
04:44:07.0734 4328 DNSeFilter (128ae3aedde1e3ae772c88320628fe7c) C:\WINDOWS\system32\drivers\SamsungEDS.sys
04:44:07.0734 4328 DNSeFilter - ok
04:44:07.0812 4328 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS
04:44:07.0843 4328 DOSMEMIO - ok
04:44:07.0937 4328 dpti2o - ok
04:44:07.0984 4328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
04:44:07.0984 4328 drmkaud - ok
04:44:08.0046 4328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
04:44:08.0062 4328 Fastfat - ok
04:44:08.0093 4328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
04:44:08.0093 4328 Fdc - ok
04:44:08.0171 4328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
04:44:08.0187 4328 Fips - ok
04:44:08.0234 4328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
04:44:08.0234 4328 Flpydisk - ok
04:44:08.0296 4328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
04:44:08.0296 4328 FltMgr - ok
04:44:08.0359 4328 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
04:44:08.0375 4328 fssfltr - ok
04:44:08.0468 4328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
04:44:08.0468 4328 Fs_Rec - ok
04:44:08.0546 4328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
04:44:08.0546 4328 Ftdisk - ok
04:44:08.0593 4328 GbpKm (98149db90fb1425e904e9724f4fde9c5) C:\WINDOWS\system32\drivers\gbpkm.sys
04:44:08.0593 4328 GbpKm - ok
04:44:08.0703 4328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
04:44:08.0718 4328 GEARAspiWDM - ok
04:44:08.0812 4328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
04:44:08.0812 4328 Gpc - ok
04:44:08.0984 4328 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
04:44:08.0984 4328 HDAudBus - ok
04:44:09.0062 4328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
04:44:09.0062 4328 HidUsb - ok
04:44:09.0109 4328 hpn - ok
04:44:09.0156 4328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
04:44:09.0171 4328 HTTP - ok
04:44:09.0359 4328 huawei_enumerator (2f23aba465b24a57e8664a124a53cc15) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
04:44:09.0359 4328 huawei_enumerator - ok
04:44:09.0390 4328 hwdatacard (1c09309a3d793c57ef87ac60c6bbd739) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
04:44:09.0390 4328 hwdatacard - ok
04:44:09.0406 4328 i2omgmt - ok
04:44:09.0437 4328 i2omp - ok
04:44:09.0500 4328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
04:44:09.0500 4328 i8042prt - ok
04:44:09.0843 4328 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
04:44:10.0062 4328 ialm - ok
04:44:10.0187 4328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
04:44:10.0203 4328 Imapi - ok
04:44:10.0343 4328 ini910u - ok
04:44:10.0562 4328 IntcAzAudAddService (32915772ccd5bc2bf9762195c002a949) C:\WINDOWS\system32\drivers\RtkHDAud.sys
04:44:10.0718 4328 IntcAzAudAddService - ok
04:44:10.0890 4328 IntelIde - ok
04:44:10.0921 4328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
04:44:10.0953 4328 intelppm - ok
04:44:11.0000 4328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
04:44:11.0015 4328 Ip6Fw - ok
04:44:11.0125 4328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
04:44:11.0125 4328 IpFilterDriver - ok
04:44:11.0171 4328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
04:44:11.0171 4328 IpInIp - ok
04:44:11.0468 4328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
04:44:11.0468 4328 IpNat - ok
04:44:11.0609 4328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
04:44:11.0609 4328 IPSec - ok
04:44:11.0656 4328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
04:44:11.0656 4328 IRENUM - ok
04:44:11.0687 4328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
04:44:11.0687 4328 isapnp - ok
04:44:11.0812 4328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
04:44:11.0812 4328 Kbdclass - ok
04:44:11.0859 4328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
04:44:11.0859 4328 kmixer - ok
04:44:11.0921 4328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
04:44:11.0937 4328 KSecDD - ok
04:44:12.0031 4328 lbrtfdc - ok
04:44:12.0093 4328 massfilter (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys
04:44:12.0093 4328 massfilter - ok
04:44:12.0125 4328 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
04:44:12.0125 4328 MBAMProtector - ok
04:44:12.0187 4328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
04:44:12.0187 4328 mnmdd - ok
04:44:12.0281 4328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
04:44:12.0296 4328 Modem - ok
04:44:12.0359 4328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
04:44:12.0359 4328 Mouclass - ok
04:44:12.0406 4328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
04:44:12.0406 4328 mouhid - ok
04:44:12.0484 4328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
04:44:12.0484 4328 MountMgr - ok
04:44:12.0515 4328 mraid35x - ok
04:44:12.0546 4328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
04:44:12.0562 4328 MRxDAV - ok
04:44:12.0640 4328 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:44:12.0656 4328 MRxSmb - ok
04:44:12.0750 4328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
04:44:12.0750 4328 Msfs - ok
04:44:12.0843 4328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:44:12.0859 4328 MSKSSRV - ok
04:44:12.0890 4328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:44:12.0890 4328 MSPCLOCK - ok
04:44:12.0953 4328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
04:44:12.0968 4328 MSPQM - ok
04:44:13.0031 4328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
04:44:13.0031 4328 mssmbios - ok
04:44:13.0062 4328 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
04:44:13.0078 4328 MSTEE - ok
04:44:13.0125 4328 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
04:44:13.0125 4328 Mup - ok
04:44:13.0203 4328 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
04:44:13.0203 4328 NABTSFEC - ok
04:44:13.0265 4328 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys
04:44:13.0281 4328 NDIS - ok
04:44:13.0312 4328 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
04:44:13.0312 4328 NdisIP - ok
04:44:13.0421 4328 Ndisrd (c4a2ec41dfb9619fa3b792ea1e7a4b46) C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys
04:44:13.0437 4328 Ndisrd - ok
04:44:13.0437 4328 NdisrdMP (c4a2ec41dfb9619fa3b792ea1e7a4b46) C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys
04:44:13.0437 4328 NdisrdMP - ok
04:44:13.0500 4328 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:44:13.0500 4328 NdisTapi - ok
04:44:13.0562 4328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:44:13.0578 4328 Ndisuio - ok
04:44:13.0609 4328 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:44:13.0609 4328 NdisWan - ok
04:44:13.0656 4328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
04:44:13.0671 4328 NDProxy - ok
04:44:13.0718 4328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
04:44:13.0718 4328 NetBIOS - ok
04:44:13.0796 4328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
04:44:13.0796 4328 NetBT - ok
04:44:14.0312 4328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
04:44:14.0328 4328 Npfs - ok
04:44:14.0421 4328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
04:44:14.0453 4328 Ntfs - ok
04:44:14.0859 4328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
04:44:14.0859 4328 Null - ok
04:44:15.0125 4328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
04:44:15.0125 4328 NwlnkFlt - ok
04:44:15.0171 4328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
04:44:15.0203 4328 NwlnkFwd - ok
04:44:15.0343 4328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
04:44:15.0343 4328 Parport - ok
04:44:15.0421 4328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
04:44:15.0421 4328 PartMgr - ok
04:44:15.0484 4328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
04:44:15.0484 4328 ParVdm - ok
04:44:15.0500 4328 PCASp50 - ok
04:44:15.0578 4328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
04:44:15.0578 4328 PCI - ok
04:44:15.0625 4328 PCIDump - ok
04:44:15.0703 4328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
04:44:15.0703 4328 PCIIde - ok
04:44:15.0765 4328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
04:44:15.0781 4328 Pcmcia - ok
04:44:15.0953 4328 PDCOMP - ok
04:44:15.0984 4328 PDFRAME - ok
04:44:16.0000 4328 PDRELI - ok
04:44:16.0015 4328 PDRFRAME - ok
04:44:16.0062 4328 perc2 - ok
04:44:16.0125 4328 perc2hib - ok
04:44:16.0343 4328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
04:44:16.0359 4328 PptpMiniport - ok
04:44:16.0390 4328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
04:44:16.0406 4328 PSched - ok
04:44:16.0453 4328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
04:44:16.0453 4328 Ptilink - ok
04:44:16.0500 4328 ql1080 - ok
04:44:16.0531 4328 Ql10wnt - ok
04:44:16.0562 4328 ql12160 - ok
04:44:16.0578 4328 ql1240 - ok
04:44:16.0593 4328 ql1280 - ok
04:44:16.0796 4328 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
04:44:16.0828 4328 RapportCerberus_34302 - ok
04:44:16.0968 4328 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
04:44:16.0968 4328 RapportEI - ok
04:44:17.0109 4328 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
04:44:17.0125 4328 RapportIaso - ok
04:44:17.0250 4328 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\WINDOWS\system32\Drivers\RapportKELL.sys
04:44:17.0250 4328 RapportKELL - ok
04:44:17.0484 4328 RapportPG (060f8e34707d68178a564935ce4546eb) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
04:44:17.0484 4328 RapportPG - ok
04:44:17.0656 4328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:44:17.0671 4328 RasAcd - ok
04:44:17.0718 4328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:44:17.0718 4328 Rasl2tp - ok
04:44:17.0828 4328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:44:17.0828 4328 RasPppoe - ok
04:44:17.0859 4328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
04:44:17.0859 4328 Raspti - ok
04:44:17.0937 4328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:44:17.0953 4328 Rdbss - ok
04:44:18.0062 4328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
04:44:18.0062 4328 RDPCDD - ok
04:44:18.0187 4328 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
04:44:18.0187 4328 RDPWD - ok
04:44:18.0281 4328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
04:44:18.0312 4328 redbook - ok
04:44:18.0437 4328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:44:18.0437 4328 Secdrv - ok
04:44:18.0531 4328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
04:44:18.0562 4328 Serial - ok
04:44:18.0625 4328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:44:18.0625 4328 Sfloppy - ok
04:44:18.0656 4328 Simbad - ok
04:44:18.0718 4328 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
04:44:18.0734 4328 SLIP - ok
04:44:18.0750 4328 Sparrow - ok
04:44:18.0843 4328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:44:18.0843 4328 splitter - ok
04:44:18.0984 4328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
04:44:18.0984 4328 sr - ok
04:44:19.0031 4328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
04:44:19.0031 4328 Srv - ok
04:44:19.0125 4328 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
04:44:19.0125 4328 ssmdrv - ok
04:44:19.0281 4328 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
04:44:19.0281 4328 streamip - ok
04:44:19.0375 4328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:44:19.0375 4328 swenum - ok
04:44:19.0421 4328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:44:19.0421 4328 swmidi - ok
04:44:19.0484 4328 symc810 - ok
04:44:19.0500 4328 symc8xx - ok
04:44:19.0531 4328 sym_hi - ok
04:44:19.0562 4328 sym_u3 - ok
04:44:19.0625 4328 SynTP (ea447f6db6115e8a32352f9faffa824d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
04:44:19.0640 4328 SynTP - ok
04:44:19.0703 4328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:44:19.0703 4328 sysaudio - ok
04:44:19.0859 4328 tap0901 (3b45d2674414d1f5400b9c452a7a293f) C:\WINDOWS\system32\DRIVERS\tap0901.sys
04:44:19.0859 4328 tap0901 - ok
04:44:19.0953 4328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:44:19.0968 4328 Tcpip - ok
04:44:20.0062 4328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:44:20.0062 4328 TDPIPE - ok
04:44:20.0109 4328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:44:20.0109 4328 TDTCP - ok
04:44:20.0156 4328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:44:20.0156 4328 TermDD - ok
04:44:20.0234 4328 TosIde - ok
04:44:20.0296 4328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:44:20.0296 4328 Udfs - ok
04:44:20.0343 4328 ultra - ok
04:44:20.0406 4328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:44:20.0421 4328 Update - ok
04:44:20.0515 4328 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
04:44:20.0515 4328 USBAAPL - ok
04:44:20.0593 4328 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
04:44:20.0593 4328 usbaudio - ok
04:44:20.0656 4328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
04:44:20.0671 4328 usbccgp - ok
04:44:20.0718 4328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:44:20.0718 4328 usbehci - ok
04:44:20.0765 4328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:44:20.0765 4328 usbhub - ok
04:44:20.0859 4328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:44:20.0875 4328 usbscan - ok
04:44:20.0921 4328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:44:20.0921 4328 USBSTOR - ok
04:44:20.0984 4328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
04:44:20.0984 4328 usbuhci - ok
04:44:21.0171 4328 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
04:44:21.0171 4328 usbvideo - ok
04:44:21.0218 4328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:44:21.0234 4328 VgaSave - ok
04:44:21.0265 4328 ViaIde - ok
04:44:21.0484 4328 VMC326 (4f101e48d060e318752fbc458a4b49f0) C:\WINDOWS\system32\Drivers\VMC326.sys
04:44:21.0500 4328 VMC326 - ok
04:44:21.0640 4328 vodafone_K3805-z_dc_enum (381ba57c1ee2ab1bafcb4a6035cc305f) C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
04:44:21.0640 4328 vodafone_K3805-z_dc_enum - ok
04:44:21.0703 4328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
04:44:21.0703 4328 VolSnap - ok
04:44:21.0937 4328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:44:21.0968 4328 Wanarp - ok
04:44:22.0187 4328 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
04:44:22.0203 4328 Wdf01000 - ok
04:44:22.0437 4328 WDICA - ok
04:44:22.0500 4328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:44:22.0515 4328 wdmaud - ok
04:44:22.0734 4328 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
04:44:22.0734 4328 WSTCODEC - ok
04:44:22.0828 4328 yukonwxp (1661bf323aa86d1b6dd1fb6f2402d119) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
04:44:22.0843 4328 yukonwxp - ok
04:44:22.0953 4328 ZTEusbmdm6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
04:44:22.0968 4328 ZTEusbmdm6k - ok
04:44:23.0015 4328 ZTEusbnet (911ba85906bc7602c73441502abfb565) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
04:44:23.0015 4328 ZTEusbnet - ok
04:44:23.0078 4328 ZTEusbnmea (69774b89725ddc4781e0eeb9809f3b20) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
04:44:23.0078 4328 ZTEusbnmea - ok
04:44:23.0125 4328 ZTEusbser6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
04:44:23.0125 4328 ZTEusbser6k - ok
04:44:23.0218 4328 MBR (0x1B8) (a0a345f7ab6f3bac008fb0de602e66cd) \Device\Harddisk0\DR0
04:44:23.0843 4328 \Device\Harddisk0\DR0 - ok
04:44:23.0875 4328 Boot (0x1200) (dc360610185b1cb5e01fef8f8f281174) \Device\Harddisk0\DR0\Partition0
04:44:23.0875 4328 \Device\Harddisk0\DR0\Partition0 - ok
04:44:23.0953 4328 Boot (0x1200) (cb1e3265b1a72b02cbcf096bcb1fb501) \Device\Harddisk0\DR0\Partition1
04:44:23.0953 4328 \Device\Harddisk0\DR0\Partition1 - ok
04:44:23.0953 4328 ============================================================
04:44:23.0953 4328 Scan finished
04:44:23.0953 4328 ============================================================
04:44:24.0000 2212 Detected object count: 0
04:44:24.0000 2212 Actual detected object count: 0

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Ok, let's try this:
Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
Post back with the log.

Member Avatar
APSoares
Junior Poster in Training
57 posts since Jun 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

ComboFix 12-02-15.01 - Antonio 15/02/2012 18:41:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.466 [GMT 0:00]
Running from: c:\documents and settings\Antonio\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Antonio\Application Data\PriceGong
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-12 13:21 . 2012-02-12 13:21 -------- d-----w- c:\program files\Conduit
2012-02-12 13:21 . 2012-02-12 13:23 -------- d-----w- c:\documents and settings\Antonio\Local Settings\Application Data\PC-Helpsoft
2012-02-12 13:21 . 2012-02-12 13:21 -------- d-----w- c:\documents and settings\Antonio\Local Settings\Application Data\Conduit
2012-02-12 13:21 . 2012-02-12 13:21 -------- d-----w- c:\program files\PC-Helpsoft
2012-02-09 20:03 . 2012-02-09 20:03 388096 ----a-r- c:\documents and settings\Antonio\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-09 20:03 . 2012-02-09 20:03 -------- d-----w- c:\program files\Trend Micro
2012-01-25 10:16 . 2012-01-25 10:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-20 18:51 . 2012-01-20 18:52 -------- d-----w- c:\documents and settings\Antonio\Application Data\OpenCandy
2012-01-20 18:47 . 2012-01-20 18:48 -------- d-----w- c:\documents and settings\Antonio\Local Settings\Application Data\AskToolbar
2012-01-20 18:46 . 2012-01-20 18:46 -------- d-----w- c:\documents and settings\Antonio\Local Settings\Application Data\APN
2012-01-20 18:45 . 2012-01-20 18:45 -------- d-----w- c:\program files\DsNET Corp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 18:15 . 2011-10-18 14:17 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-09 19:11 . 2012-01-09 19:11 42192 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2011-12-21 16:32 . 2011-06-30 19:33 45896 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2011-12-20 17:23 . 2011-06-11 10:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-09-14 17:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2009-04-02 00:34 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2009-04-02 00:34 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2009-04-02 00:34 60416 ----a-w- c:\windows\system32\packager.exe
2011-09-23 04:44 . 2011-09-28 17:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
"{256db8bc-7da7-4248-97cd-44e07216b7f1}"= "c:\program files\PC-Helpsoft\prxtbPC-H.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{256db8bc-7da7-4248-97cd-44e07216b7f1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{256db8bc-7da7-4248-97cd-44e07216b7f1}]
2011-05-09 08:49 176936 ----a-w- c:\program files\PC-Helpsoft\prxtbPC-H.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21 1299248 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{256db8bc-7da7-4248-97cd-44e07216b7f1}"= "c:\program files\PC-Helpsoft\prxtbPC-H.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{256db8bc-7da7-4248-97cd-44e07216b7f1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
"{256DB8BC-7DA7-4248-97CD-44E07216B7F1}"= "c:\program files\PC-Helpsoft\prxtbPC-H.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{256db8bc-7da7-4248-97cd-44e07216b7f1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Antonio\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\Paul\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-01-10 09:49 1358408 ----a-w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Paul\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [30/06/2011 19:33 45896]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/01/2012 10:16 56208]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [18/10/2011 14:17 36000]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 20:39 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/01/2012 10:16 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/01/2012 10:16 164112]
R2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [26/08/2010 14:53 687104]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/10/2011 14:17 86224]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [02/04/2009 01:59 4300]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [30/06/2011 19:33 204872]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14/09/2011 17:10 652360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/01/2012 10:16 931640]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [31/12/2010 11:57 9216]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 03:01 30208]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [03/04/2011 09:37 72832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/09/2011 17:10 20464]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [09/01/2012 19:11 42192]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [02/04/2009 02:03 238464]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01/09/2010 13:33 80000]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/02/2010 12:41 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/02/2010 12:41 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [23/09/2009 18:07 7680]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [09/01/2012 19:11 42192]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [23/09/2009 18:08 110080]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - RapportIaso
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 12:41]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 12:41]
.
2012-02-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
FF - ProfilePath - c:\documents and settings\Antonio\Application Data\Mozilla\Firefox\Profiles\xdbv2m1f.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-PC Cleaner - c:\program files\PC Cleaner\PCCLauncher.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 18:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1552)
c:\program files\GBPLUGIN\gbieh.dll
.
- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\program files\GBPLUGIN\gbieh.dll
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-02-15 19:00:38
ComboFix-quarantined-files.txt 2012-02-15 19:00
.
Pre-Run: 50,439,180,288 bytes free
Post-Run: 51,407,609,856 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 447195088A5742C8A1C19B0888FA5A52

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

something still there for sure.
Try this one:
Download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);
Run the TDSSKiller.exe file;
Wait until the scanning and disinfection completes. A reboot might require after the disinfection has been completed .
The utility starts scanning the system for malicious and suspicious objects when you click the button Start scan.
f the utility detects an infection with the MBR bootkit, it will report the it has detected an infected object type “Physical drive” and prompt for action:

Cure. This action is only available if the utility has identified the exact type of the bootkit. If it has detected an unknown bootkit, it will be reported as Rootkit.Win32.BackBoot.gen.
Skip.
Copy to quarantine. The utility quarantines the infected MBR.
Restore. The utility restores a standard MBR.
A reboot might require after the disinfection has been completed.
Post back with the log.

Member Avatar
APSoares
Junior Poster in Training
57 posts since Jun 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

15:25:47.0366 0756 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:25:48.0678 0756 ============================================================
15:25:48.0678 0756 Current date / time: 2012/02/21 15:25:48.0678
15:25:48.0678 0756 SystemInfo:
15:25:48.0678 0756
15:25:48.0678 0756 OS Version: 5.1.2600 ServicePack: 3.0
15:25:48.0678 0756 Product type: Workstation
15:25:48.0678 0756 ComputerName: APSOARES
15:25:48.0678 0756 UserName: Antonio
15:25:48.0678 0756 Windows directory: C:\WINDOWS
15:25:48.0678 0756 System windows directory: C:\WINDOWS
15:25:48.0678 0756 Processor architecture: Intel x86
15:25:48.0678 0756 Number of processors: 2
15:25:48.0678 0756 Page size: 0x1000
15:25:48.0678 0756 Boot type: Normal boot
15:25:48.0678 0756 ============================================================
15:25:56.0100 0756 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:25:56.0100 0756 \Device\Harddisk0\DR0:
15:25:56.0100 0756 MBR used
15:25:56.0100 0756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x8E168F0
15:25:56.0100 0756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9A19800, BlocksNum 0x8FFF800
15:25:56.0194 0756 Initialize success
15:25:56.0194 0756 ============================================================
15:26:04.0116 3252 ============================================================
15:26:04.0116 3252 Scan started
15:26:04.0116 3252 Mode: Manual;
15:26:04.0116 3252 ============================================================
15:26:08.0850 3252 Abiosdsk - ok
15:26:08.0913 3252 abp480n5 - ok
15:26:08.0975 3252 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:26:08.0975 3252 ACPI - ok
15:26:09.0022 3252 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:26:09.0038 3252 ACPIEC - ok
15:26:09.0069 3252 adpu160m - ok
15:26:09.0132 3252 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:26:09.0147 3252 aec - ok
15:26:09.0303 3252 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:26:09.0319 3252 AFD - ok
15:26:09.0335 3252 Aha154x - ok
15:26:09.0366 3252 aic78u2 - ok
15:26:09.0397 3252 aic78xx - ok
15:26:09.0475 3252 AliIde - ok
15:26:09.0553 3252 amsint - ok
15:26:09.0757 3252 AR5416 (6eacc829e76b1efdface633619a3db31) C:\WINDOWS\system32\DRIVERS\athw.sys
15:26:09.0803 3252 AR5416 - ok
15:26:10.0100 3252 asc - ok
15:26:10.0132 3252 asc3350p - ok
15:26:10.0147 3252 asc3550 - ok
15:26:10.0288 3252 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:26:10.0288 3252 AsyncMac - ok
15:26:10.0350 3252 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:26:10.0350 3252 atapi - ok
15:26:10.0460 3252 Atdisk - ok
15:26:10.0522 3252 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:26:10.0522 3252 Atmarpc - ok
15:26:10.0569 3252 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:26:10.0569 3252 audstub - ok
15:26:10.0757 3252 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:26:10.0757 3252 avgntflt - ok
15:26:10.0819 3252 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:26:10.0819 3252 avipbb - ok
15:26:10.0991 3252 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
15:26:11.0007 3252 avkmgr - ok
15:26:11.0053 3252 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:26:11.0069 3252 Beep - ok
15:26:11.0163 3252 btaudio (b6e16da77eafe84a8c5bc44784feeaea) C:\WINDOWS\system32\drivers\btaudio.sys
15:26:11.0178 3252 btaudio - ok
15:26:11.0303 3252 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
15:26:11.0350 3252 BTDriver - ok
15:26:11.0710 3252 BTKRNL (48aad36baefb7820bfeb986763226905) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
15:26:11.0788 3252 BTKRNL - ok
15:26:11.0913 3252 BTWDNDIS (5629767b576a2fdccf1b518843058978) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
15:26:11.0913 3252 BTWDNDIS - ok
15:26:12.0007 3252 BTWUSB (053dc5be74621b63bb48c2b86bafc7b0) C:\WINDOWS\system32\Drivers\btwusb.sys
15:26:12.0007 3252 BTWUSB - ok
15:26:12.0147 3252 catchme - ok
15:26:12.0272 3252 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:26:12.0288 3252 cbidf2k - ok
15:26:12.0366 3252 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:26:12.0366 3252 CCDECODE - ok
15:26:12.0507 3252 cd20xrnt - ok
15:26:12.0553 3252 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:26:12.0553 3252 Cdaudio - ok
15:26:12.0616 3252 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:26:12.0663 3252 Cdfs - ok
15:26:12.0788 3252 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:26:12.0803 3252 Cdrom - ok
15:26:12.0850 3252 Changer - ok
15:26:12.0928 3252 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:26:12.0928 3252 CmBatt - ok
15:26:13.0053 3252 CmdIde - ok
15:26:13.0100 3252 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:26:13.0116 3252 Compbatt - ok
15:26:13.0178 3252 Cpqarray - ok
15:26:13.0210 3252 dac2w2k - ok
15:26:13.0241 3252 dac960nt - ok
15:26:13.0303 3252 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:26:13.0319 3252 Disk - ok
15:26:13.0382 3252 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:26:13.0413 3252 dmboot - ok
15:26:13.0585 3252 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:26:13.0585 3252 dmio - ok
15:26:13.0710 3252 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:26:13.0725 3252 dmload - ok
15:26:13.0772 3252 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:26:13.0819 3252 DMusic - ok
15:26:13.0991 3252 DNSeFilter (128ae3aedde1e3ae772c88320628fe7c) C:\WINDOWS\system32\drivers\SamsungEDS.sys
15:26:13.0991 3252 DNSeFilter - ok
15:26:14.0038 3252 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS
15:26:14.0085 3252 DOSMEMIO - ok
15:26:14.0194 3252 dpti2o - ok
15:26:14.0225 3252 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:26:14.0241 3252 drmkaud - ok
15:26:14.0303 3252 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:26:14.0382 3252 Fastfat - ok
15:26:14.0507 3252 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:26:14.0522 3252 Fdc - ok
15:26:14.0538 3252 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:26:14.0553 3252 Fips - ok
15:26:14.0585 3252 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:26:14.0585 3252 Flpydisk - ok
15:26:14.0678 3252 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:26:14.0741 3252 FltMgr - ok
15:26:14.0835 3252 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
15:26:14.0850 3252 fssfltr - ok
15:26:14.0944 3252 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:26:14.0944 3252 Fs_Rec - ok
15:26:15.0007 3252 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:26:15.0022 3252 Ftdisk - ok
15:26:15.0100 3252 GbpKm (98149db90fb1425e904e9724f4fde9c5) C:\WINDOWS\system32\drivers\gbpkm.sys
15:26:15.0100 3252 GbpKm - ok
15:26:15.0194 3252 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:26:15.0210 3252 GEARAspiWDM - ok
15:26:15.0241 3252 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:26:15.0257 3252 Gpc - ok
15:26:15.0335 3252 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:26:15.0350 3252 HDAudBus - ok
15:26:15.0772 3252 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:26:15.0788 3252 HidUsb - ok
15:26:17.0007 3252 hpn - ok
15:26:17.0194 3252 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:26:17.0194 3252 HTTP - ok
15:26:17.0366 3252 huawei_enumerator (2f23aba465b24a57e8664a124a53cc15) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
15:26:17.0382 3252 huawei_enumerator - ok
15:26:17.0444 3252 hwdatacard (1c09309a3d793c57ef87ac60c6bbd739) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
15:26:17.0444 3252 hwdatacard - ok
15:26:17.0475 3252 i2omgmt - ok
15:26:17.0491 3252 i2omp - ok
15:26:17.0553 3252 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:26:17.0553 3252 i8042prt - ok
15:26:17.0913 3252 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:26:18.0178 3252 ialm - ok
15:26:18.0319 3252 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:26:18.0319 3252 Imapi - ok
15:26:18.0350 3252 ini910u - ok
15:26:18.0569 3252 IntcAzAudAddService (32915772ccd5bc2bf9762195c002a949) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:26:18.0772 3252 IntcAzAudAddService - ok
15:26:18.0882 3252 IntelIde - ok
15:26:18.0944 3252 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:26:18.0944 3252 intelppm - ok
15:26:18.0975 3252 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:26:18.0975 3252 Ip6Fw - ok
15:26:19.0116 3252 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:26:19.0132 3252 IpFilterDriver - ok
15:26:19.0178 3252 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:26:19.0178 3252 IpInIp - ok
15:26:19.0241 3252 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:26:19.0257 3252 IpNat - ok
15:26:19.0428 3252 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:26:19.0428 3252 IPSec - ok
15:26:19.0694 3252 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:26:19.0710 3252 IRENUM - ok
15:26:20.0663 3252 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:26:20.0741 3252 isapnp - ok
15:26:20.0960 3252 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:26:20.0960 3252 Kbdclass - ok
15:26:21.0038 3252 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:26:21.0053 3252 kmixer - ok
15:26:21.0178 3252 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:26:21.0178 3252 KSecDD - ok
15:26:21.0225 3252 lbrtfdc - ok
15:26:21.0335 3252 massfilter (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys
15:26:21.0413 3252 massfilter - ok
15:26:21.0522 3252 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
15:26:21.0538 3252 MBAMProtector - ok
15:26:21.0616 3252 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:26:21.0616 3252 mnmdd - ok
15:26:21.0663 3252 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:26:21.0694 3252 Modem - ok
15:26:21.0866 3252 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:26:21.0866 3252 Mouclass - ok
15:26:21.0975 3252 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:26:21.0975 3252 mouhid - ok
15:26:22.0178 3252 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:26:22.0194 3252 MountMgr - ok
15:26:22.0210 3252 mraid35x - ok
15:26:22.0257 3252 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:26:22.0272 3252 MRxDAV - ok
15:26:22.0335 3252 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:26:22.0382 3252 MRxSmb - ok
15:26:22.0507 3252 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:26:22.0507 3252 Msfs - ok
15:26:22.0569 3252 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:26:22.0569 3252 MSKSSRV - ok
15:26:22.0616 3252 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:26:22.0616 3252 MSPCLOCK - ok
15:26:22.0772 3252 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:26:22.0772 3252 MSPQM - ok
15:26:22.0835 3252 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:26:22.0835 3252 mssmbios - ok
15:26:22.0944 3252 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:26:22.0944 3252 MSTEE - ok
15:26:23.0007 3252 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:26:23.0022 3252 Mup - ok
15:26:23.0163 3252 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:26:23.0163 3252 NABTSFEC - ok
15:26:24.0913 3252 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys
15:26:24.0928 3252 NDIS - ok
15:26:25.0007 3252 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:26:25.0022 3252 NdisIP - ok
15:26:25.0163 3252 Ndisrd (c4a2ec41dfb9619fa3b792ea1e7a4b46) C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys
15:26:25.0163 3252 Ndisrd - ok
15:26:25.0210 3252 NdisrdMP (c4a2ec41dfb9619fa3b792ea1e7a4b46) C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys
15:26:25.0210 3252 NdisrdMP - ok
15:26:25.0257 3252 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:26:25.0257 3252 NdisTapi - ok
15:26:25.0382 3252 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:26:25.0382 3252 Ndisuio - ok
15:26:25.0413 3252 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:26:25.0428 3252 NdisWan - ok
15:26:25.0475 3252 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:26:25.0475 3252 NDProxy - ok
15:26:25.0616 3252 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:26:25.0616 3252 NetBIOS - ok
15:26:25.0663 3252 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:26:25.0678 3252 NetBT - ok
15:26:25.0819 3252 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:26:25.0819 3252 Npfs - ok
15:26:25.0913 3252 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:26:26.0100 3252 Ntfs - ok
15:26:26.0257 3252 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:26:26.0257 3252 Null - ok
15:26:26.0288 3252 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:26:26.0303 3252 NwlnkFlt - ok
15:26:26.0319 3252 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:26:26.0319 3252 NwlnkFwd - ok
15:26:26.0428 3252 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:26:26.0428 3252 Parport - ok
15:26:26.0507 3252 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:26:26.0522 3252 PartMgr - ok
15:26:26.0569 3252 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:26:26.0569 3252 ParVdm - ok
15:26:26.0632 3252 PCASp50 - ok
15:26:26.0678 3252 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:26:26.0710 3252 PCI - ok
15:26:27.0210 3252 PCIDump - ok
15:26:27.0382 3252 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:26:27.0413 3252 PCIIde - ok
15:26:27.0522 3252 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:26:27.0522 3252 Pcmcia - ok
15:26:27.0553 3252 PDCOMP - ok
15:26:27.0600 3252 PDFRAME - ok
15:26:27.0616 3252 PDRELI - ok
15:26:27.0663 3252 PDRFRAME - ok
15:26:27.0741 3252 perc2 - ok
15:26:28.0632 3252 perc2hib - ok
15:26:28.0835 3252 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:26:28.0850 3252 PptpMiniport - ok
15:26:28.0928 3252 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:26:28.0944 3252 PSched - ok
15:26:28.0991 3252 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:26:29.0007 3252 Ptilink - ok
15:26:29.0053 3252 ql1080 - ok
15:26:29.0116 3252 Ql10wnt - ok
15:26:29.0147 3252 ql12160 - ok
15:26:29.0194 3252 ql1240 - ok
15:26:29.0225 3252 ql1280 - ok
15:26:29.0350 3252 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
15:26:29.0366 3252 RapportCerberus_34302 - ok
15:26:29.0507 3252 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
15:26:29.0507 3252 RapportEI - ok
15:26:29.0647 3252 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
15:26:29.0647 3252 RapportIaso - ok
15:26:29.0803 3252 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\WINDOWS\system32\Drivers\RapportKELL.sys
15:26:29.0803 3252 RapportKELL - ok
15:26:29.0960 3252 RapportPG (060f8e34707d68178a564935ce4546eb) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
15:26:29.0975 3252 RapportPG - ok
15:26:30.0100 3252 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:26:30.0116 3252 RasAcd - ok
15:26:30.0178 3252 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:26:30.0194 3252 Rasl2tp - ok
15:26:30.0366 3252 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:26:30.0366 3252 RasPppoe - ok
15:26:30.0413 3252 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:26:30.0413 3252 Raspti - ok
15:26:30.0616 3252 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:26:30.0632 3252 Rdbss - ok
15:26:30.0678 3252 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:26:30.0694 3252 RDPCDD - ok
15:26:30.0772 3252 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:26:30.0788 3252 RDPWD - ok
15:26:30.0897 3252 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:26:30.0897 3252 redbook - ok
15:26:31.0163 3252 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:26:31.0163 3252 Secdrv - ok
15:26:31.0272 3252 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:26:31.0272 3252 Serial - ok
15:26:31.0397 3252 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:26:31.0397 3252 Sfloppy - ok
15:26:32.0600 3252 Simbad - ok
15:26:32.0663 3252 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:26:32.0663 3252 SLIP - ok
15:26:32.0741 3252 Sparrow - ok
15:26:32.0819 3252 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:26:32.0819 3252 splitter - ok
15:26:32.0928 3252 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:26:33.0007 3252 sr - ok
15:26:33.0100 3252 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:26:33.0132 3252 Srv - ok
15:26:33.0225 3252 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:26:33.0241 3252 ssmdrv - ok
15:26:33.0288 3252 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:26:33.0350 3252 streamip - ok
15:26:33.0460 3252 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:26:33.0460 3252 swenum - ok
15:26:33.0522 3252 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:26:33.0522 3252 swmidi - ok
15:26:33.0553 3252 symc810 - ok
15:26:33.0569 3252 symc8xx - ok
15:26:33.0600 3252 sym_hi - ok
15:26:33.0632 3252 sym_u3 - ok
15:26:33.0835 3252 SynTP (ea447f6db6115e8a32352f9faffa824d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:26:33.0850 3252 SynTP - ok
15:26:34.0288 3252 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:26:34.0288 3252 sysaudio - ok
15:26:34.0350 3252 tap0901 (3b45d2674414d1f5400b9c452a7a293f) C:\WINDOWS\system32\DRIVERS\tap0901.sys
15:26:34.0366 3252 tap0901 - ok
15:26:34.0553 3252 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:26:34.0585 3252 Tcpip - ok
15:26:34.0725 3252 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:26:34.0725 3252 TDPIPE - ok
15:26:34.0772 3252 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:26:34.0772 3252 TDTCP - ok
15:26:34.0913 3252 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:26:34.0928 3252 TermDD - ok
15:26:34.0975 3252 TosIde - ok
15:26:35.0053 3252 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:26:35.0116 3252 Udfs - ok
15:26:35.0210 3252 ultra - ok
15:26:35.0319 3252 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:26:35.0335 3252 Update - ok
15:26:36.0600 3252 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:26:36.0600 3252 USBAAPL - ok
15:26:36.0866 3252 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:26:37.0022 3252 usbaudio - ok
15:26:37.0147 3252 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:26:37.0225 3252 usbccgp - ok
15:26:37.0288 3252 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:26:37.0288 3252 usbehci - ok
15:26:37.0897 3252 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:26:37.0913 3252 usbhub - ok
15:26:38.0007 3252 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:26:38.0085 3252 usbscan - ok
15:26:38.0257 3252 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:26:38.0257 3252 USBSTOR - ok
15:26:38.0319 3252 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:26:38.0335 3252 usbuhci - ok
15:26:38.0444 3252 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:26:38.0507 3252 usbvideo - ok
15:26:38.0647 3252 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:26:38.0647 3252 VgaSave - ok
15:26:38.0663 3252 ViaIde - ok
15:26:38.0741 3252 VMC326 (4f101e48d060e318752fbc458a4b49f0) C:\WINDOWS\system32\Drivers\VMC326.sys
15:26:38.0757 3252 VMC326 - ok
15:26:38.0928 3252 vodafone_K3805-z_dc_enum (381ba57c1ee2ab1bafcb4a6035cc305f) C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
15:26:38.0928 3252 vodafone_K3805-z_dc_enum - ok
15:26:38.0960 3252 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:26:38.0975 3252 VolSnap - ok
15:26:39.0163 3252 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:26:39.0194 3252 Wanarp - ok
15:26:39.0366 3252 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:26:39.0382 3252 Wdf01000 - ok
15:26:40.0100 3252 WDICA - ok
15:26:40.0147 3252 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:26:40.0163 3252 wdmaud - ok
15:26:40.0397 3252 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:26:40.0413 3252 WS2IFSL - ok
15:26:40.0522 3252 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:26:40.0538 3252 WSTCODEC - ok
15:26:40.0772 3252 yukonwxp (1661bf323aa86d1b6dd1fb6f2402d119) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
15:26:40.0803 3252 yukonwxp - ok
15:26:41.0366 3252 ZTEusbmdm6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
15:26:41.0382 3252 ZTEusbmdm6k - ok
15:26:41.0428 3252 ZTEusbnet (911ba85906bc7602c73441502abfb565) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
15:26:41.0428 3252 ZTEusbnet - ok
15:26:41.0616 3252 ZTEusbnmea (69774b89725ddc4781e0eeb9809f3b20) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
15:26:41.0632 3252 ZTEusbnmea - ok
15:26:41.0663 3252 ZTEusbser6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
15:26:41.0663 3252 ZTEusbser6k - ok
15:26:41.0788 3252 MBR (0x1B8) (a0a345f7ab6f3bac008fb0de602e66cd) \Device\Harddisk0\DR0
15:26:42.0663 3252 \Device\Harddisk0\DR0 - ok
15:26:42.0819 3252 Boot (0x1200) (dc360610185b1cb5e01fef8f8f281174) \Device\Harddisk0\DR0\Partition0
15:26:42.0819 3252 \Device\Harddisk0\DR0\Partition0 - ok
15:26:43.0850 3252 Boot (0x1200) (cb1e3265b1a72b02cbcf096bcb1fb501) \Device\Harddisk0\DR0\Partition1
15:26:43.0850 3252 \Device\Harddisk0\DR0\Partition1 - ok
15:26:43.0897 3252 ============================================================
15:26:43.0897 3252 Scan finished
15:26:43.0897 3252 ============================================================
15:26:44.0038 1184 Detected object count: 0
15:26:44.0038 1184 Actual detected object count: 0

You
This article has been dead for over three months: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article