
Thread: Bad, Bad Rootkit.TDSS.v2

  1. #1
    Member
    Join Date
    Dec 2007
    Location
    Springfield MA, USA
    Posts
    32

    Default Bad, Bad Rootkit.TDSS.v2

    Hi,
    My anti-virus software keeps finding Rootkit.TDSS.v2 and deleting it over and over and over. The only way I am able to get on the internet is to disable all of the startup items. I cannot even start anything in the Control Panel.

    Here is DDS.txt
    The attach.txt is attached.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
    Run by Admiral Turron at 18:20:25 on 2012-01-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1079 [GMT -5:00]
    .
    AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\Program Files\freeSSHd\FreeSSHDService.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlservr.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    svchost.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Winternals\Recovery Manager\filestore.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\PC Tools Security\pctsGui.exe
    C:\Program Files\PC Tools Security\pctsAuxs.exe
    C:\Program Files\PC Tools Security\pctsSvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.smith.edu/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: AutorunsDisabled - No File
    BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - Updater For XFIN_PORTAL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    StartupFolder: c:\docume~1\admira~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
    uPolicies-explorer: NoInstrumentation = 1
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    Trusted Zone: com.tw\www.msi
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: msi.com\www
    Trusted Zone: smith.edu\stod-kvm-a
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218942204500
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218942194859
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.smith.edu/dana-cached/setup/JuniperSetupSP1.cab
    TCP: Interfaces\{446EA4A1-BEC5-47D1-A446-582624668906} : NameServer = 68.87.71.230,68.87.73.246
    TCP: Interfaces\{97C302CB-1334-4BF2-8F91-80D138F03607} : DhcpNameServer = 68.87.71.230 68.87.73.246
    TCP: Interfaces\{EEB7000A-24A5-4EDC-9B71-8D35124DE109} : NameServer = 68.87.71.230,68.87.73.246
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: AutorunsDisabled - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: {299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} - No File
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,credssp.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\admiral turron\application data\mozilla\firefox\profiles\c8qz2hea.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.smith.edu
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
    FF - plugin: c:\documents and settings\admiral turron\application data\move networks\plugins\npqmp071706000001.dll
    FF - plugin: c:\documents and settings\admiral turron\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\admiral turron\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\admiral turron\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJPI150_16.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\admiral turron\application data\Move Networks
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-9 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-9 341656]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-9 660992]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 494816]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 31704]
    R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2010-12-2 34592]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-12-9 253096]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-12-9 185560]
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-12-11 546768]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1960584]
    R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-14 12672]
    R2 MSSQL$RECOVERYMANAGER;MSSQL$RECOVERYMANAGER;c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlservr.exe -srecoverymanager --> c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlservr.exe -sRECOVERYMANAGER [?]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-12-11 793056]
    R2 RMFilestore;Recovery Manager Data Store;c:\program files\winternals\recovery manager\FileStore.exe [2006-4-11 854528]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-12-9 402336]
    R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-12-9 1117624]
    R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2011-7-26 354176]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-18 54960]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-12-11 56840]
    R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-12-9 70536]
    R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 31848]
    S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]
    S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\pc tools\pc tools utilities\tools\defrag\DMDefragSrv.exe [2011-12-11 1038304]
    S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\pc tools\pc tools utilities\tools\repair\DMRepairSrv.exe [2011-12-11 1030112]
    S3 FLASHSYS;FLASHSYS;\??\c:\program files\msi\live update 4\lu4\flashsys.sys --> c:\program files\msi\live update 4\lu4\FLASHSYS.sys [?]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-1-8 18560]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]
    S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\msi\live update 5\msibios32_100507.sys [2011-7-9 25912]
    S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2011-7-9 7680]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-11 34760]
    S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-11 108864]
    S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-11 128120]
    S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 31848]
    S3 SQLAgent$RECOVERYMANAGER;SQLAgent$RECOVERYMANAGER;c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlagent.exe -i recoverymanager --> c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlagent.EXE -i RECOVERYMANAGER [?]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2008-8-17 223128]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-4-11 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-4-11 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-4-11 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-4-11 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-4-11 25704]
    S4 atitray;atitray;\??\c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-24 00:55:53 -------- d-----w- c:\documents and settings\all users\application data\WePrint
    2011-12-22 01:33:07 1915791 ----a-w- C:\weprintwin23.exe
    2011-12-22 01:31:39 66048 ----a-w- c:\documents and settings\admiral turron\application data\WePrintCleanAfterBoot.exe
    2011-12-22 00:08:58 -------- d-----w- c:\program files\WePrint
    2011-12-20 23:05:45 -------- d-----w- c:\documents and settings\admiral turron\application data\PCTools
    2011-12-17 23:20:48 -------- d-----w- c:\program files\freeSSHd
    2011-12-16 22:23:23 -------- d-----w- c:\documents and settings\admiral turron\application data\X10 Commander
    2011-12-15 22:44:04 -------- d-----w- c:\windows\system32\IOSUBSYS
    2011-12-15 22:39:17 -------- d-----w- c:\program files\common files\ATI
    2011-12-15 22:37:32 516096 ------w- c:\windows\system32\ati2sgag.exe
    2011-12-15 22:36:38 -------- d-----w- c:\program files\ATI Technologies
    2011-12-12 15:25:47 -------- d-----w- c:\documents and settings\admiral turron\local settings\application data\Threat Expert
    .
    ==================== Find3M ====================
    .
    2011-12-19 18:59:21 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 18:59:20 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-12-19 18:59:19 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 18:58:56 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 18:58:55 301224 ----a-w- c:\windows\system32\guard32.dll
    2011-12-12 00:19:49 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-12-07 01:02:56 119767706 ----a-w- c:\documents and settings\admiral turron\application data\hkey_local_machine.reg
    2011-12-02 00:11:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-27 03:38:20 3511776 ----a-w- C:\ccsetup312.exe
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-23 00:43:02 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-11-23 00:42:40 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-11-23 00:41:28 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2011-11-23 00:38:04 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-11-14 21:07:06 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-11-14 21:07:04 2246608 ----a-w- c:\windows\PCTBDCore.dll
    2011-11-14 21:07:04 1681360 ----a-w- c:\windows\PCTBDRes.dll
    2011-11-14 21:06:54 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-11-14 20:12:26 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-11-14 20:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 23:47:32 128120 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
    2011-10-25 23:47:26 108864 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
    2011-10-25 23:46:40 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
    2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    .
    ============= FINISH: 18:23:27.77 ===============
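The SERVICES / DRIVERS block in the DDS log above is where an analyst looks first: the letter is run state (R running, S stopped), the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and a trailing `[?]` after a `-->` means DDS could not find an image file at the registered path. The Python script below is an added example written for this page; it is not part of the original post and not part of DDS. It parses lines in that format and flags entries whose image is missing, and boot/system-start drivers (the ones the kernel loads before anyone logs on) that do not end in .sys or do not live under system32\drivers. All sample lines are copied from the log above except the last, which is constructed to exercise the extension check and does not describe a real file.

```python
import re
from dataclasses import dataclass, field

DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"

# DDS format: "<R|S><start> <service name>;<display name>;<image path> [<date> <size>]"
# or, when DDS had to resolve the path: "...;<registry path> --> <resolved path> [?]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
TAIL_RE = re.compile(r"^(?P<path>.*?) \[(?P<meta>[^\]]*)\]$")

# Sample input: lines 1-5 copied from the DDS log in this thread; line 6 is constructed.
SAMPLE_DDS = r"""R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-9 331880]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 494816]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-14 12672]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2011-7-9 7680]
R0 example_tmp;Example (constructed);c:\windows\system32\drivers\example1.tmp [2012-1-9 25600]
"""


@dataclass
class Entry:
    name: str
    running: bool                 # R = running, S = stopped
    start: int                    # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    path: str                     # lower-cased image path
    present: bool                 # False when DDS printed "[?]" (file not found)
    findings: list = field(default_factory=list)


def parse_entry(line):
    """Parse one DDS services/drivers line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]      # keep the resolved path DDS prints after the arrow
    t = TAIL_RE.match(rest)
    if not t:
        return None
    path = t.group("path").strip().lower()
    if path.startswith("\\??\\"):
        path = path[4:]                       # NT object-manager prefix, not part of the file path
    return Entry(m.group("name"), m.group("state") == "R",
                 int(m.group("start")), path, t.group("meta") != "?")


def assess(entry):
    """Attach review findings to a parsed entry."""
    if not entry.present:
        entry.findings.append("image file not found at the registered path")
    if entry.start <= 1:   # boot/system start: kernel driver loaded before any user logs on
        if not entry.path.endswith(".sys"):
            entry.findings.append("boot/system-start driver without .sys extension")
        if not entry.path.startswith(DRIVERS_DIR):
            entry.findings.append("boot/system-start driver outside system32\\drivers")
    return entry


def triage(text):
    """All parsed entries, each with its findings (possibly empty)."""
    return [assess(e) for e in map(parse_entry, text.splitlines()) if e is not None]


def flagged(text):
    """Only the entries that have at least one finding, keyed by service name."""
    return {e.name: e.findings for e in triage(text) if e.findings}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_DDS).items():
        print(name)
        for r in reasons:
            print("   ", r)
```

A hit from this script is a starting point, not a verdict: a legitimately uninstalled product can leave an `[?]` entry behind (the McAfee remnant above is a plausible case), and a vendor driver outside system32\drivers is common for hardware utilities. What the script does is put the boot-time kernel entries in front of the analyst first.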

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    When running programs on Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR.

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Dec 2007
    Location
    Springfield MA, USA
    Posts
    32

    Default Reply aswMBr.txt

    Hi,

    Here is the log..

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-18 18:42:50
    -----------------------------
    18:42:50.632 OS Version: Windows 5.1.2600 Service Pack 3
    18:42:50.632 Number of processors: 1 586 0xA00
    18:42:50.647 ComputerName: antec UserName:
    18:42:51.303 Initialize success
    18:43:19.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    18:43:19.132 Disk 0 Vendor: ST3160021A 8.01 Size: 152627MB BusType: 3
    18:43:19.132 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\fasttx2k1Port2Path0Target2Lun0
    18:43:19.132 Disk 1 Vendor: Promise_ 1.10 Size: 114473MB BusType: 1
    18:43:19.147 Disk 0 MBR read successfully
    18:43:19.147 Disk 0 MBR scan
    18:43:19.147 Disk 0 Windows XP default MBR code
    18:43:19.147 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
    18:43:19.163 Disk 0 scanning sectors +312576705
    18:43:19.225 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:43:28.194 Service scanning
    18:43:29.522 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    18:43:30.147 Modules scanning
    18:43:34.928 Module: C:\WINDOWS\System32\Drivers\nvatabus.sys **SUSPICIOUS**
    18:43:50.116 Disk 0 trace - called modules:
    18:43:50.132 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys tskA.tmp hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8af8573c]<<
    18:43:50.132 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af13ab8]
    18:43:50.132 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> [0x8af3a920]
    18:43:50.132 5 PCTCore.sys[f7222407] -> nt!IofCallDriver -> \Device\0000008c[0x8afc1a98]
    18:43:50.132 7 tskA.tmp[f733e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af15940]
    18:43:50.147 Scan finished successfully
    18:44:08.803 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admiral Turron\Desktop\MBR.dat"
    18:44:08.803 The log file has been saved successfully to "C:\Documents and Settings\Admiral Turron\Desktop\aswMBR.txt"
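In the aswMBR output above, the "Disk 0 trace" block lists each driver image a disk I/O request passes through, then the IofCallDriver hooks aswMBR found at each position, and `>>UNKNOWN [addr]<<` marks a chain that ends in code no loaded module owns. TDSSKiller, which the helper asks for in the next post, prints one line per service with the MD5 and path of its image. The Python script below is an added example written for this page; it is not part of the original thread and not part of either tool. It parses both formats, joins the file names seen in the I/O chain to the TDSSKiller service that loads them, and reports a chain module whose file name has no driver extension, an unresolved chain end, and aswMBR's own **LOCKED** / **SUSPICIOUS** markers. The sample excerpts are copied from the two logs posted in this thread. Which entries, if any, are actually malicious is for the analyst to decide; the script only orders what to look at first.

```python
import re
from os.path import basename

DRIVER_EXTS = {".sys", ".dll", ".exe"}   # file types that normally appear in a storage call chain

# aswMBR hook line: "<time> <pos> <module>[<addr>] -> nt!IofCallDriver -> <target>"
HOOK_RE = re.compile(
    r"^\S+ (?P<pos>\d+) (?P<mod>\S+?)\[[0-9a-f]+\] -> nt!IofCallDriver -> (?P<target>.*)$"
)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-f]+)\]<<")
# TDSSKiller service line: "<time> <pid> <service name> (<md5>) <image path>"
TDSS_SVC_RE = re.compile(r"^\S+ \d+ (?P<svc>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Sample input: excerpts copied from the aswMBR and TDSSKiller logs posted in this thread.
ASWMBR_LOG = r"""18:43:29.522 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:43:34.928 Module: C:\WINDOWS\System32\Drivers\nvatabus.sys **SUSPICIOUS**
18:43:50.116 Disk 0 trace - called modules:
18:43:50.132 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys tskA.tmp hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8af8573c]<<
18:43:50.132 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af13ab8]
18:43:50.132 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> [0x8af3a920]
18:43:50.132 5 PCTCore.sys[f7222407] -> nt!IofCallDriver -> \Device\0000008c[0x8afc1a98]
18:43:50.132 7 tskA.tmp[f733e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af15940]
"""
TDSSKILLER_LOG = r"""18:59:52.0585 5776 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tskA.tmp
18:59:52.0585 5776 ACPI - ok
18:59:52.0694 5776 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:59:52.0710 5776 ACPIEC - ok
18:59:54.0413 5776 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:59:54.0413 5776 atapi - ok
"""


def parse_aswmbr(text):
    """Extract the disk I/O module chain, the unresolved end address, hooks and ** markers."""
    chain, unknown_addr, hooks, markers = [], None, [], []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.endswith("trace - called modules:") and i + 1 < len(lines):
            for tok in lines[i + 1].split()[1:]:          # drop the timestamp
                if tok.startswith(">>UNKNOWN"):
                    break
                chain.append(tok)
            m = UNKNOWN_RE.search(lines[i + 1])
            if m:
                unknown_addr = m.group("addr")
        m = HOOK_RE.match(line)
        if m:
            hooks.append((int(m.group("pos")), m.group("mod"), m.group("target")))
        if "**" in line:
            markers.append(line.split(" ", 1)[1])        # text after the timestamp
    return {"chain": chain, "unknown_addr": unknown_addr, "hooks": hooks, "markers": markers}


def parse_tdsskiller(text):
    """Map service name -> (md5, image path) from TDSSKiller service lines."""
    services = {}
    for line in text.splitlines():
        m = TDSS_SVC_RE.match(line)
        if m:
            services[m.group("svc")] = (m.group("md5"), m.group("path"))
    return services


def correlate(aswmbr_text, tdss_text):
    asw = parse_aswmbr(aswmbr_text)
    services = parse_tdsskiller(tdss_text)
    # TDSSKiller keys by service name; the call chain shows file names, so index by basename
    by_file = {basename(p.replace("\\", "/")).lower(): svc for svc, (_, p) in services.items()}
    hook_pos = {mod: pos for pos, mod, _ in asw["hooks"]}
    services_for = {mod: by_file[mod.lower()] for mod in asw["chain"] if mod.lower() in by_file}
    findings = []
    for mod in asw["chain"]:
        ext = mod[mod.rfind("."):].lower() if "." in mod else ""
        if ext not in DRIVER_EXTS:
            detail = ""
            if mod in services_for:
                detail += f", registered as service '{services_for[mod]}'"
            if mod in hook_pos:
                detail += f", hooks IofCallDriver at trace position {hook_pos[mod]}"
            findings.append(f"non-driver filename in disk I/O path: {mod}{detail}")
    if asw["unknown_addr"]:
        findings.append(f"disk I/O chain ends in code no loaded module claims, at {asw['unknown_addr']}")
    findings.extend("aswMBR marker: " + m for m in asw["markers"])
    return {"chain": asw["chain"], "unknown_addr": asw["unknown_addr"],
            "services_for": services_for, "findings": findings}


if __name__ == "__main__":
    for f in correlate(ASWMBR_LOG, TDSSKILLER_LOG)["findings"]:
        print(f)
```

The join on file name is the useful step: on its own a .tmp name in the chain says only that something unusual sits in the storage stack; paired with the TDSSKiller line it tells the analyst which service registration loads it and therefore which registry key to inspect or which tool's log to read next. The markers are passed through unchanged because **LOCKED** on a disc-emulation driver such as sptd.sys is expected behaviour for that driver, and only the analyst can weigh it.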

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hey,


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

  5. #5
    Member
    Join Date
    Dec 2007
    Location
    Springfield MA, USA
    Posts
    32

    Default Ran TDSSKiller

    Hi,
    There was no Cure option, only Skip, Copy to quarantine, and Delete. I clicked Continue and it finished. Here is part 1 of the log (too long for one post).

    18:59:40.0600 3012 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
    18:59:42.0616 3012 ============================================================
    18:59:42.0616 3012 Current date / time: 2012/01/18 18:59:42.0616
    18:59:42.0616 3012 SystemInfo:
    18:59:42.0616 3012
    18:59:42.0616 3012 OS Version: 5.1.2600 ServicePack: 3.0
    18:59:42.0616 3012 Product type: Workstation
    18:59:42.0616 3012 ComputerName: antec
    18:59:42.0616 3012 UserName: Admiral Turron
    18:59:42.0616 3012 Windows directory: C:\WINDOWS
    18:59:42.0616 3012 System windows directory: C:\WINDOWS
    18:59:42.0616 3012 Processor architecture: Intel x86
    18:59:42.0616 3012 Number of processors: 1
    18:59:42.0616 3012 Page size: 0x1000
    18:59:42.0616 3012 Boot type: Normal boot
    18:59:42.0616 3012 ============================================================
    18:59:45.0960 3012 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2960000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
    18:59:46.0007 3012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    18:59:46.0007 3012 Drive \Device\Harddisk2\DR4 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:59:46.0132 3012 Initialize success
    18:59:51.0491 5776 ============================================================
    18:59:51.0491 5776 Scan started
    18:59:51.0491 5776 Mode: Manual;
    18:59:51.0491 5776 ============================================================
    18:59:52.0444 5776 Abiosdsk - ok
    18:59:52.0507 5776 abp480n5 - ok
    18:59:52.0585 5776 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tskA.tmp
    18:59:52.0585 5776 ACPI - ok
    18:59:52.0694 5776 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:59:52.0710 5776 ACPIEC - ok
    18:59:52.0788 5776 adpu160m - ok
    18:59:53.0303 5776 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:59:53.0303 5776 aec - ok
    18:59:53.0413 5776 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    18:59:53.0413 5776 AFD - ok
    18:59:53.0491 5776 Aha154x - ok
    18:59:53.0585 5776 aic78u2 - ok
    18:59:53.0663 5776 aic78xx - ok
    18:59:53.0772 5776 AliIde - ok
    18:59:53.0866 5776 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    18:59:53.0866 5776 AmdK7 - ok
    18:59:53.0975 5776 amsint - ok
    18:59:54.0085 5776 asc - ok
    18:59:54.0147 5776 asc3350p - ok
    18:59:54.0210 5776 asc3550 - ok
    18:59:54.0288 5776 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:59:54.0288 5776 AsyncMac - ok
    18:59:54.0413 5776 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:59:54.0413 5776 atapi - ok
    18:59:54.0507 5776 Atdisk - ok
    18:59:54.0585 5776 ATI Remote Wonder II (c7535e59be72f148f3c5efecadb2c54a) C:\WINDOWS\system32\drivers\ATIRWVD.SYS
    18:59:54.0585 5776 ATI Remote Wonder II - ok
    18:59:54.0725 5776 ati2mtag (b9aa7785f472a658436676cdaafc94da) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    18:59:54.0741 5776 ati2mtag - ok
    18:59:54.0897 5776 ATIAVAIW (de216801d656910d1880af7274ac915e) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
    18:59:54.0897 5776 ATIAVAIW - ok
    18:59:55.0053 5776 atinevxx (ca870dca79fb389657fc6777cc122653) C:\WINDOWS\system32\DRIVERS\atinevxx.sys
    18:59:55.0069 5776 atinevxx - ok
    18:59:55.0163 5776 atinrvxx (2a7fbeac77dba84cdac88409e3ed6afd) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
    18:59:55.0163 5776 atinrvxx - ok
    18:59:55.0241 5776 atitray - ok
    18:59:55.0350 5776 ATITUNEP (8c985ee304545b8613569a0a30be911d) C:\WINDOWS\system32\DRIVERS\atintuxx.sys
    18:59:55.0350 5776 ATITUNEP - ok
    18:59:55.0475 5776 ativraxx (2da08440551aaca2866326eb9f4d2647) C:\WINDOWS\system32\DRIVERS\atinraxx.sys
    18:59:55.0475 5776 ativraxx - ok
    18:59:55.0585 5776 ATIXSAudio (dc396a0d278527b9bb1e9bb340a79dae) C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
    18:59:55.0585 5776 ATIXSAudio - ok
    18:59:55.0694 5776 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:59:55.0694 5776 Atmarpc - ok
    18:59:55.0819 5776 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:59:55.0819 5776 audstub - ok
    18:59:55.0944 5776 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
    18:59:55.0944 5776 BANTExt - ok
    18:59:56.0085 5776 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:59:56.0085 5776 Beep - ok
    18:59:56.0241 5776 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    18:59:56.0241 5776 BVRPMPR5 - ok
    18:59:56.0382 5776 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:59:56.0382 5776 cbidf2k - ok
    18:59:56.0491 5776 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    18:59:56.0507 5776 CCDECODE - ok
    18:59:56.0600 5776 cd20xrnt - ok
    18:59:56.0710 5776 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:59:56.0710 5776 Cdaudio - ok
    18:59:56.0850 5776 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:59:56.0866 5776 Cdfs - ok
    18:59:56.0975 5776 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:59:56.0975 5776 Cdrom - ok
    18:59:57.0085 5776 Changer - ok
    18:59:57.0241 5776 cmdGuard (a2c97b4f0db351930d58f467948dc51d) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
    18:59:57.0257 5776 cmdGuard - ok
    18:59:57.0382 5776 cmdHlp (a736f2263310fee1799de88cb50c1023) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
    18:59:57.0382 5776 cmdHlp - ok
    18:59:57.0460 5776 CmdIde - ok
    18:59:57.0553 5776 CoolerXPDriver (ab6c82114ee1c9c0fe712f1e5e55c495) C:\Program Files\MSI\PC Alert 4\NTCooler.sys
    18:59:57.0553 5776 CoolerXPDriver - ok
    18:59:57.0647 5776 Cpqarray - ok
    18:59:57.0772 5776 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
    18:59:57.0772 5776 cpuz132 - ok
    18:59:57.0897 5776 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    18:59:57.0897 5776 ctsfm2k - ok
    18:59:58.0007 5776 dac2w2k - ok
    18:59:58.0116 5776 dac960nt - ok
    18:59:58.0428 5776 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:59:58.0428 5776 Disk - ok
    18:59:58.0600 5776 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:59:58.0632 5776 dmboot - ok
    18:59:58.0757 5776 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:59:58.0757 5776 dmio - ok
    18:59:58.0897 5776 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:59:58.0897 5776 dmload - ok
    18:59:59.0053 5776 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:59:59.0053 5776 DMusic - ok
    18:59:59.0147 5776 dpti2o - ok
    18:59:59.0210 5776 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:59:59.0210 5776 drmkaud - ok
    18:59:59.0303 5776 dsNcAdpt - ok
    18:59:59.0397 5776 E1000 (c42009e37e377ae55968768e521e05c3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
    18:59:59.0413 5776 E1000 - ok
    18:59:59.0538 5776 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    18:59:59.0538 5776 E100B - ok
    18:59:59.0663 5776 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:59:59.0678 5776 Fastfat - ok
    18:59:59.0803 5776 fasttx2k (8958fc7f2df3c4f0a363a8644583485c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
    18:59:59.0803 5776 fasttx2k - ok
    18:59:59.0960 5776 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    18:59:59.0960 5776 Fdc - ok
    19:00:00.0350 5776 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:00:00.0350 5776 Fips - ok
    19:00:00.0491 5776 FLASHSYS - ok
    19:00:00.0882 5776 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    19:00:00.0882 5776 Flpydisk - ok
    19:00:01.0803 5776 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    19:00:02.0272 5776 FltMgr - ok
    19:00:02.0444 5776 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
    19:00:02.0444 5776 FlyUsb - ok
    19:00:02.0585 5776 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:00:02.0585 5776 Fs_Rec - ok
    19:00:03.0835 5776 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:00:03.0850 5776 Ftdisk - ok
    19:00:04.0100 5776 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    19:00:04.0100 5776 gameenum - ok
    19:00:04.0241 5776 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    19:00:04.0241 5776 GEARAspiWDM - ok
    19:00:04.0366 5776 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:00:04.0382 5776 Gpc - ok
    19:00:04.0507 5776 hcmon (aa90c2ece098a108a9178ac2c04a7649) C:\WINDOWS\system32\drivers\hcmon.sys
    19:00:04.0507 5776 hcmon - ok
    19:00:04.0632 5776 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:00:04.0632 5776 HidUsb - ok
    19:00:04.0757 5776 hpn - ok
    19:00:04.0882 5776 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:00:04.0897 5776 HTTP - ok
    19:00:05.0038 5776 i2omgmt - ok
    19:00:05.0116 5776 i2omp - ok
    19:00:05.0194 5776 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    19:00:05.0194 5776 i8042prt - ok
    19:00:05.0538 5776 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:00:05.0538 5776 Imapi - ok
    19:00:05.0632 5776 ini910u - ok
    19:00:05.0694 5776 Inspect (456003490faa4a2361ceacbfb6409172) C:\WINDOWS\system32\DRIVERS\inspect.sys
    19:00:05.0710 5776 Inspect - ok
    19:00:05.0803 5776 IntelIde - ok
    19:00:05.0928 5776 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    19:00:05.0928 5776 Ip6Fw - ok
    19:00:06.0085 5776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:00:06.0085 5776 IpFilterDriver - ok
    19:00:06.0225 5776 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:00:06.0225 5776 IpInIp - ok
    19:00:06.0366 5776 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:00:06.0382 5776 IpNat - ok
    19:00:06.0507 5776 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:00:06.0507 5776 IPSec - ok
    19:00:06.0616 5776 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:00:06.0616 5776 IRENUM - ok
    19:00:06.0757 5776 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:00:06.0757 5776 isapnp - ok
    19:00:06.0897 5776 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:00:06.0897 5776 Kbdclass - ok
    19:00:07.0022 5776 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:00:07.0022 5776 kmixer - ok
    19:00:07.0132 5776 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:00:07.0132 5776 KSecDD - ok
    19:00:07.0241 5776 lbrtfdc - ok
    19:00:07.0288 5776 mferkdk - ok
    19:00:07.0397 5776 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:00:07.0397 5776 mnmdd - ok
    19:00:07.0538 5776 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:00:07.0538 5776 Modem - ok
    19:00:07.0647 5776 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:00:07.0647 5776 Mouclass - ok
    19:00:07.0819 5776 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:00:07.0819 5776 MountMgr - ok
    19:00:07.0975 5776 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    19:00:07.0975 5776 MPE - ok
    19:00:08.0085 5776 mraid35x - ok
    19:00:08.0272 5776 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:00:08.0288 5776 MRxDAV - ok
    19:00:08.0444 5776 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:00:08.0491 5776 MRxSmb - ok
    19:00:08.0632 5776 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:00:08.0632 5776 Msfs - ok
    19:00:08.0741 5776 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
    19:00:08.0741 5776 MSI_MSIBIOS_010507 - ok
    19:00:08.0882 5776 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:00:08.0882 5776 MSKSSRV - ok
    19:00:08.0991 5776 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:00:08.0991 5776 MSPCLOCK - ok
    19:00:09.0100 5776 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:00:09.0116 5776 MSPQM - ok
    19:00:09.0272 5776 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:00:09.0272 5776 mssmbios - ok
    19:00:09.0397 5776 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    19:00:09.0397 5776 MSTEE - ok
    19:00:09.0522 5776 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:00:09.0522 5776 Mup - ok
    19:00:09.0632 5776 MVDCODEC (a2e9454c71e8eb989c09ea73c3d30528) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
    19:00:09.0632 5776 MVDCODEC - ok
    19:00:09.0741 5776 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    19:00:09.0741 5776 NABTSFEC - ok
    19:00:09.0882 5776 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:00:09.0897 5776 NDIS - ok
    19:00:10.0022 5776 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    19:00:10.0022 5776 NdisIP - ok
    19:00:10.0132 5776 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:00:10.0132 5776 NdisTapi - ok
    19:00:10.0272 5776 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:00:10.0272 5776 Ndisuio - ok
    19:00:10.0382 5776 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:00:10.0382 5776 NdisWan - ok
    19:00:10.0507 5776 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:00:10.0507 5776 NDProxy - ok
    19:00:10.0616 5776 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:00:10.0616 5776 NetBIOS - ok
    19:00:10.0741 5776 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:00:10.0741 5776 NetBT - ok
    19:00:10.0882 5776 nipplpt2 (90261461c75c1ef5db8de89a809dd3fb) C:\WINDOWS\system32\drivers\nipplpt.sys
    19:00:10.0882 5776 nipplpt2 - ok
    19:00:11.0022 5776 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:00:11.0022 5776 Npfs - ok
    19:00:11.0147 5776 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:00:11.0163 5776 Ntfs - ok
    19:00:11.0272 5776 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
    19:00:11.0272 5776 NTIOLib_1_0_4 - ok
    19:00:11.0428 5776 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:00:11.0428 5776 Null - ok
    19:00:11.0538 5776 nvatabus (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
    19:00:11.0538 5776 nvatabus - ok
    19:00:11.0663 5776 NVENET (c8400ca70bf8a30156487bf887886432) C:\WINDOWS\system32\DRIVERS\NVENET.sys
    19:00:11.0678 5776 NVENET - ok
    19:00:11.0819 5776 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
    19:00:11.0819 5776 nv_agp - ok
    19:00:11.0960 5776 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:00:11.0960 5776 NwlnkFlt - ok
    19:00:12.0069 5776 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:00:12.0069 5776 NwlnkFwd - ok
    19:00:12.0178 5776 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    19:00:12.0178 5776 NwlnkIpx - ok
    19:00:12.0335 5776 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    19:00:12.0335 5776 NwlnkNb - ok
    19:00:12.0444 5776 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    19:00:12.0444 5776 NwlnkSpx - ok
    19:00:12.0600 5776 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    19:00:12.0600 5776 ossrv - ok
    19:00:12.0741 5776 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
    19:00:12.0788 5776 P17 - ok
    19:00:12.0913 5776 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    19:00:12.0913 5776 Parport - ok
    19:00:13.0022 5776 Partizan (e228b03a922d46e29b88c4056861ee78) C:\WINDOWS\system32\drivers\Partizan.sys
    19:00:13.0022 5776 Partizan - ok
    19:00:13.0132 5776 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:00:13.0132 5776 PartMgr - ok
    19:00:13.0288 5776 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:00:13.0288 5776 ParVdm - ok
    19:00:13.0397 5776 PCDCODEC (aa42a27232c45968f03b2fe9c0b6c111) C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
    19:00:13.0397 5776 PCDCODEC - ok
    19:00:14.0194 5776 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:00:14.0210 5776 PCI - ok
    19:00:14.0288 5776 PCIDump - ok
    19:00:14.0428 5776 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:00:14.0428 5776 PCIIde - ok
    19:00:14.0553 5776 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:00:14.0553 5776 Pcmcia - ok
    19:00:14.0678 5776 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
    19:00:14.0678 5776 Pcouffin - ok
    19:00:14.0788 5776 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
    19:00:14.0788 5776 PCTBD - ok
    19:00:14.0928 5776 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys
    19:00:14.0960 5776 PCTCore - ok
    19:00:15.0085 5776 PCTDMDefrag (c37e918f22a8cd4ee999056d1d58ec01) C:\WINDOWS\system32\drivers\PCTDMDefrag.sys
    19:00:15.0085 5776 PCTDMDefrag - ok
    19:00:15.0210 5776 pctDS (af08ec0f2093867ab955e24121ee7002) C:\WINDOWS\system32\drivers\pctDS.sys
    19:00:15.0225 5776 pctDS - ok
    19:00:15.0350 5776 PCTDSMon (93e866c1cbcc80e7ba52941c39985e35) C:\WINDOWS\system32\drivers\PCTDSMon.sys
    19:00:15.0350 5776 PCTDSMon - ok
    19:00:15.0475 5776 pctEFA (4b1b0cd45a047c0941f6b6151f6fb3c1) C:\WINDOWS\system32\drivers\pctEFA.sys
    19:00:15.0538 5776 pctEFA - ok
    19:00:15.0663 5776 pctgntdi (44fd6a1042c766df69bc6ba55780019d) C:\WINDOWS\system32\drivers\pctgntdi.sys
    19:00:15.0663 5776 pctgntdi - ok
    19:00:15.0803 5776 pctplsg (b5d22f79943e156bf8fabf1e4888820c) C:\WINDOWS\system32\drivers\pctplsg.sys
    19:00:15.0803 5776 pctplsg - ok
    19:00:15.0944 5776 PCTSD (86b9af53e46d0618d230608aed82622f) C:\WINDOWS\system32\Drivers\PCTSD.sys
    19:00:15.0944 5776 PCTSD - ok
    19:00:16.0053 5776 PDCOMP - ok
    19:00:16.0132 5776 PDFRAME - ok
    19:00:16.0225 5776 PDRELI - ok
    19:00:16.0272 5776 PDRFRAME - ok
    19:00:16.0319 5776 perc2 - ok
    19:00:16.0366 5776 perc2hib - ok
    19:00:16.0507 5776 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
    19:00:16.0507 5776 pnarp - ok
    19:00:16.0647 5776 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:00:16.0647 5776 PptpMiniport - ok
    19:00:16.0772 5776 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:00:16.0772 5776 PSched - ok
    19:00:16.0928 5776 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:00:16.0928 5776 Ptilink - ok
    19:00:17.0038 5776 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
    19:00:17.0038 5776 purendis - ok
    19:00:17.0163 5776 PxHelp20 (fd9d44ec6d99edfa3782f870b7e00682) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    19:00:17.0163 5776 PxHelp20 - ok
    19:00:17.0257 5776 ql1080 - ok
    19:00:17.0350 5776 Ql10wnt - ok
    19:00:17.0413 5776 ql12160 - ok
    19:00:17.0460 5776 ql1240 - ok
    19:00:17.0507 5776 ql1280 - ok
    19:00:17.0585 5776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:00:17.0585 5776 RasAcd - ok
    19:00:17.0694 5776 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:00:17.0694 5776 Rasl2tp - ok
    19:00:17.0835 5776 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:00:17.0835 5776 RasPppoe - ok
    19:00:17.0975 5776 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:00:17.0975 5776 Raspti - ok
    19:00:18.0085 5776 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:00:18.0100 5776 Rdbss - ok
    19:00:18.0194 5776 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:00:18.0194 5776 RDPCDD - ok
    19:00:18.0335 5776 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:00:18.0335 5776 rdpdr - ok
    19:00:18.0522 5776 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:00:18.0522 5776 RDPWD - ok
    19:00:18.0710 5776 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:00:18.0710 5776 redbook - ok
    19:00:18.0866 5776 RRNetCap (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
    19:00:18.0866 5776 RRNetCap - ok
    19:00:18.0882 5776 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
    19:00:18.0882 5776 RRNetCapMP - ok
    19:00:19.0022 5776 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
    19:00:19.0022 5776 rspndr - ok
    19:00:19.0491 5776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:00:19.0491 5776 Secdrv - ok
    19:00:19.0678 5776 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    19:00:19.0678 5776 serenum - ok
    19:00:19.0882 5776 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    19:00:19.0882 5776 Serial - ok
    19:00:20.0022 5776 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:00:20.0022 5776 Sfloppy - ok
    19:00:20.0116 5776 Simbad - ok
    19:00:20.0210 5776 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    19:00:20.0210 5776 SLIP - ok
    19:00:20.0335 5776 snapman (79555b34913cb5d1ea429d295c5a17ac) C:\WINDOWS\system32\DRIVERS\snapman.sys
    19:00:20.0335 5776 snapman - ok
    19:00:20.0444 5776 Sparrow - ok
    19:00:20.0632 5776 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:00:20.0647 5776 splitter - ok
    19:00:20.0835 5776 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\system32\Drivers\sptd.sys
    19:00:20.0835 5776 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 090adc3d9b5730ac3b20bdd5a54e2d28
    19:00:20.0835 5776 sptd ( LockedFile.Multi.Generic ) - warning
    19:00:20.0835 5776 sptd - detected LockedFile.Multi.Generic (1)
    19:00:20.0991 5776 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:00:20.0991 5776 sr - ok
    19:00:21.0132 5776 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:00:21.0163 5776 Srv - ok
    19:00:21.0335 5776 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    19:00:21.0335 5776 streamip - ok
    19:00:21.0522 5776 supersafer (28f0f7f8e4c9039289c80ca1385bc4b7) C:\WINDOWS\system32\drivers\supersafer.sys
    19:00:21.0522 5776 supersafer - ok
    19:00:21.0647 5776 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:00:21.0647 5776 swenum - ok
    19:00:21.0772 5776 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:00:21.0772 5776 swmidi - ok
    19:00:21.0897 5776 symc810 - ok
    19:00:21.0991 5776 symc8xx - ok
    19:00:22.0085 5776 sym_hi - ok
    19:00:22.0178 5776 sym_u3 - ok
    19:00:22.0303 5776 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:00:22.0303 5776 sysaudio - ok
    19:00:22.0460 5776 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
    19:00:22.0460 5776 tbhsd - ok
    19:00:22.0585 5776 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:00:22.0600 5776 Tcpip - ok
    19:00:22.0710 5776 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:00:22.0710 5776 TDPIPE - ok
    19:00:22.0850 5776 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:00:22.0850 5776 TDTCP - ok
    19:00:22.0975 5776 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:00:22.0991 5776 TermDD - ok
    19:00:23.0116 5776 tifsfilter (18f20c81f84599bf457ed640891aad99) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    19:00:23.0116 5776 tifsfilter - ok
    19:00:23.0241 5776 timounter (7c31f485c2f8ce976280c86f3cb13d6c) C:\WINDOWS\system32\DRIVERS\timntr.sys
    19:00:23.0257 5776 timounter - ok
    19:00:23.0366 5776 TosIde - ok
    19:00:23.0475 5776 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
    19:00:23.0475 5776 TVICHW32 - ok
    19:00:23.0600 5776 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:00:23.0600 5776 Udfs - ok
    19:00:23.0710 5776 ultra - ok
    19:00:23.0819 5776 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:00:23.0835 5776 Update - ok
    19:00:23.0975 5776 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
    19:00:23.0975 5776 USBAAPL - ok
    19:00:24.0085 5776 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:00:24.0085 5776 usbccgp - ok
    19:00:24.0210 5776 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:00:24.0210 5776 usbehci - ok
    19:00:24.0303 5776 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:00:24.0319 5776 usbhub - ok
    19:00:24.0413 5776 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    19:00:24.0413 5776 usbohci - ok
    19:00:24.0522 5776 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:00:24.0522 5776 usbprint - ok
    19:00:24.0632 5776 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:00:24.0632 5776 USBSTOR - ok
    19:00:24.0757 5776 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
    19:00:24.0772 5776 vaxscsi - ok
    19:00:24.0897 5776 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
    19:00:24.0897 5776 VClone - ok
    19:00:25.0007 5776 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:00:25.0007 5776 VgaSave - ok
    19:00:25.0100 5776 ViaIde - ok
    19:00:25.0210 5776 vmci (d02a1df2e6809fc9c2b1126fb264a3e3) C:\WINDOWS\system32\Drivers\vmci.sys
    19:00:25.0210 5776 vmci - ok
    19:00:25.0319 5776 vmkbd (097d71a222afae1fbe3e95a36aae32cc) C:\WINDOWS\system32\drivers\VMkbd.sys
    19:00:25.0319 5776 vmkbd - ok
    19:00:25.0428 5776 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
    19:00:25.0428 5776 VMnetAdapter - ok
    19:00:25.0538 5776 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
    19:00:25.0538 5776 VMnetBridge - ok
    19:00:25.0647 5776 VMnetuserif (fc7b0b68a2a4afbab81fbb8aeeda1d21) C:\WINDOWS\system32\drivers\vmnetuserif.sys
    19:00:25.0663 5776 VMnetuserif - ok
    19:00:25.0772 5776 VMparport (07853acc99421d5752a4205cd6298570) C:\WINDOWS\system32\Drivers\VMparport.sys
    19:00:25.0772 5776 VMparport - ok
    19:00:25.0897 5776 vmusb (25017db6451b002158db425961a82b7b) C:\WINDOWS\system32\Drivers\vmusb.sys
    19:00:25.0897 5776 vmusb - ok
    19:00:26.0085 5776 vmx86 (935582f833ba49b6265e66322c6fb382) C:\WINDOWS\system32\Drivers\vmx86.sys
    19:00:26.0116 5776 vmx86 - ok
    19:00:26.0241 5776 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:00:26.0241 5776 VolSnap - ok
    19:00:26.0319 5776 vstor2-ws60 (e511cfb4b43b72cf9d1497e7c5bd1534) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
    19:00:26.0319 5776 vstor2-ws60 - ok
    19:00:26.0444 5776 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:00:26.0460 5776 Wanarp - ok
    19:00:26.0538 5776 WDICA - ok
    19:00:26.0600 5776 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:00:26.0600 5776 wdmaud - ok
    19:00:26.0819 5776 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:00:26.0819 5776 WS2IFSL - ok
    19:00:26.0960 5776 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
    19:00:26.0960 5776 WsAudio_DeviceS(1) - ok
    19:00:27.0085 5776 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
    19:00:27.0085 5776 WsAudio_DeviceS(2) - ok
    19:00:27.0225 5776 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
    19:00:27.0225 5776 WsAudio_DeviceS(3) - ok
    19:00:27.0335 5776 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
    19:00:27.0335 5776 WsAudio_DeviceS(4) - ok
    19:00:27.0444 5776 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
    19:00:27.0444 5776 WsAudio_DeviceS(5) - ok
    19:00:27.0569 5776 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    19:00:27.0585 5776 WSTCODEC - ok
    19:00:27.0647 5776 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    19:00:27.0647 5776 \Device\Harddisk1\DR1 - ok
    19:00:27.0663 5776 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
    19:00:27.0803 5776 \Device\Harddisk0\DR0 - ok
    19:00:27.0819 5776 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
    19:00:27.0819 5776 \Device\Harddisk2\DR4 - ok
    19:00:27.0835 5776 Boot (0x1200) (6a49a88b5a194b4883f7c72364ba8fa2) \Device\Harddisk1\DR1\Partition0
    19:00:27.0835 5776 \Device\Harddisk1\DR1\Partition0 - ok
    19:00:27.0866 5776 Boot (0x1200) (2af75fd008e780901779de87fb211890) \Device\Harddisk0\DR0\Partition0
    19:00:27.0866 5776 \Device\Harddisk0\DR0\Partition0 - ok
    19:00:27.0882 5776 Boot (0x1200) (38cdca3378d7cd35e7d3f4cd363ff988) \Device\Harddisk2\DR4\Partition0
    19:00:27.0882 5776 \Device\Harddisk2\DR4\Partition0 - ok
    19:00:27.0882 5776 ============================================================
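The log above is TDSSKiller output: each object gets an image line (time, worker id, name, md5 in parentheses, path) followed by a verdict line (`name - ok`, `name ( tag ) - warning`, `name - detected tag (n)`), with the MBR and boot sectors reported the same way at the end. The following script, added here as a worked example and not part of the original thread or of TDSSKiller, parses that format and pulls out the things a responder actually wants from a log this long: every object whose verdict is not `ok`, every file the scanner could not read (the `Suspicious file (NoAccess)` line is what produces the generic `LockedFile.Multi.Generic` tag, so it is reported as "unreadable" rather than as a detection), every driver whose image path does not end in `.sys` (the second scan's `ACPI` entry resolving to `tskA.tmp` is listed for manual verification, nothing more), and every MBR or boot-sector hash that is not on an allowlist. The allowlist is an assumption the analyst maintains; the one hash passed in the usage below is taken from the log purely to demonstrate the check. The sample lines are copied from the log in this thread.

```python
import re
from collections import OrderedDict
from pprint import pprint

# Line shapes as they appear in the TDSSKiller log pasted in this thread:
#   <time> <worker> <name> (<md5>) <path>                 image of a driver/service/MBR/boot sector
#   <time> <worker> <name> - ok                           verdict for that object
#   <time> <worker> <name> ( <tag> ) - warning            non-clean verdict carrying a tag
#   <time> <worker> <name> - detected <tag> (<count>)
#   <time> <worker> Suspicious file (<reason>): <path>. md5: <md5>
_PREFIX = r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<worker>\d+)\s+"
_IMAGE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
_NOACCESS = re.compile(_PREFIX + r"Suspicious file \((?P<reason>[^)]*)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-fA-F]{32})")
_VERDICT = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")
# "sptd ( LockedFile.Multi.Generic )": a tag glued to the name with whitespace before "(".
# The whitespace requirement keeps "WsAudio_DeviceS(1)" from being split.
_TAGGED_NAME = re.compile(r"^(?P<base>.+?)\s+\(\s*(?P<tag>[^()]+?)\s*\)$")


def parse_log(text):
    """Return (entries, unreadable).

    entries maps object name -> {"md5", "path", "verdicts"}; MBR/boot records are
    keyed by their \\Device\\... path because their verdict lines use the path as name.
    unreadable is a list of (path, reason, md5) for files the scanner could not open.
    """
    entries, unreadable = OrderedDict(), []
    for raw in text.splitlines():
        line = raw.strip()
        m = _NOACCESS.match(line)
        if m:
            unreadable.append((m["path"], m["reason"], m["md5"].lower()))
            continue
        m = _IMAGE.match(line)
        if m:
            key = m["path"] if m["name"].startswith(("MBR", "Boot")) else m["name"]
            rec = entries.setdefault(key, {"md5": None, "path": None, "verdicts": []})
            rec["md5"], rec["path"] = m["md5"].lower(), m["path"]
            continue
        m = _VERDICT.match(line)
        if m:
            name, verdict = m["name"], m["verdict"]
            t = _TAGGED_NAME.match(name)
            if t:
                name, verdict = t["base"], f"{verdict}: {t['tag']}"
            entries.setdefault(name, {"md5": None, "path": None, "verdicts": []})
            entries[name]["verdicts"].append(verdict)
    return entries, unreadable


def triage(text, known_boot_md5=frozenset()):
    """Summarise a TDSSKiller log into the items worth a human look."""
    entries, unreadable = parse_log(text)
    report = {"scanned": len(entries), "not_ok": [], "non_sys_images": [],
              "unknown_boot_md5": [], "unreadable": unreadable}
    for name, rec in entries.items():
        bad = [v for v in rec["verdicts"] if v != "ok"]
        if bad:
            report["not_ok"].append((name, bad))
        path = rec["path"] or ""
        if path.startswith("\\Device\\"):          # MBR / boot-sector record
            if rec["md5"] not in known_boot_md5:   # allowlist is the analyst's own (assumption)
                report["unknown_boot_md5"].append((name, rec["md5"]))
        elif path and not path.lower().endswith(".sys"):
            report["non_sys_images"].append((name, path))   # verify by hand, no verdict implied
    return report


# Sample lines copied from the log in this thread (two scans, abridged).
SAMPLE_LOG = r"""
19:00:19.0491 5776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:00:19.0491 5776 Secdrv - ok
19:00:20.0835 5776 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\system32\Drivers\sptd.sys
19:00:20.0835 5776 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 090adc3d9b5730ac3b20bdd5a54e2d28
19:00:20.0835 5776 sptd ( LockedFile.Multi.Generic ) - warning
19:00:20.0835 5776 sptd - detected LockedFile.Multi.Generic (1)
19:00:26.0960 5776 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
19:00:26.0960 5776 WsAudio_DeviceS(1) - ok
19:00:27.0647 5776 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:00:27.0647 5776 \Device\Harddisk1\DR1 - ok
19:00:27.0663 5776 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
19:00:27.0803 5776 \Device\Harddisk0\DR0 - ok
19:00:27.0882 5776 Scan finished
19:01:45.0147 4668 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:04:26.0085 5532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tskA.tmp
19:04:26.0085 5532 ACPI - ok
"""

if __name__ == "__main__":
    # The allowlisted hash is one of the two MBR hashes from the log, used only to show the check.
    pprint(triage(SAMPLE_LOG, known_boot_md5={"8f558eb6672622401da993e1e865c861"}))
```

Run against a full log (`triage(open("TDSSKiller.log").read(), known_boot_md5=...)`) the report stays a handful of lines no matter how many hundred drivers were scanned, and the distinction it draws matters: a locked file the scanner could not read is a gap in coverage to close (unload the driver, or scan offline), not a verdict on the file.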

  6. #6
    Member
    Join Date: Dec 2007
    Location: Springfield MA, USA
    Posts: 32

    Here is part 2....


    19:00:27.0882 5776 Scan finished
    19:00:27.0882 5776 ============================================================
    19:00:27.0897 4668 Detected object count: 1
    19:00:27.0897 4668 Actual detected object count: 1
    19:01:45.0147 4668 sptd ( LockedFile.Multi.Generic ) - skipped by user
    19:01:45.0147 4668 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    19:04:25.0116 5532 ============================================================
    19:04:25.0116 5532 Scan started
    19:04:25.0116 5532 Mode: Manual;
    19:04:25.0116 5532 ============================================================
    19:04:25.0835 5532 Abiosdsk - ok
    19:04:25.0913 5532 abp480n5 - ok
    19:04:26.0085 5532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tskA.tmp
    19:04:26.0085 5532 ACPI - ok
    19:04:26.0194 5532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:04:26.0194 5532 ACPIEC - ok
    19:04:26.0288 5532 adpu160m - ok
    19:04:26.0366 5532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:04:26.0366 5532 aec - ok
    19:04:26.0491 5532 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    19:04:26.0491 5532 AFD - ok
    19:04:26.0632 5532 Aha154x - ok
    19:04:26.0725 5532 aic78u2 - ok
    19:04:26.0803 5532 aic78xx - ok
    19:04:26.0897 5532 AliIde - ok
    19:04:27.0007 5532 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    19:04:27.0007 5532 AmdK7 - ok
    19:04:27.0100 5532 amsint - ok
    19:04:27.0194 5532 asc - ok
    19:04:27.0272 5532 asc3350p - ok
    19:04:27.0366 5532 asc3550 - ok
    19:04:27.0569 5532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:04:27.0569 5532 AsyncMac - ok
    19:04:27.0678 5532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:04:27.0694 5532 atapi - ok
    19:04:27.0772 5532 Atdisk - ok
    19:04:27.0850 5532 ATI Remote Wonder II (c7535e59be72f148f3c5efecadb2c54a) C:\WINDOWS\system32\drivers\ATIRWVD.SYS
    19:04:27.0866 5532 ATI Remote Wonder II - ok
    19:04:27.0991 5532 ati2mtag (b9aa7785f472a658436676cdaafc94da) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    19:04:27.0991 5532 ati2mtag - ok
    19:04:28.0100 5532 ATIAVAIW (de216801d656910d1880af7274ac915e) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
    19:04:28.0100 5532 ATIAVAIW - ok
    19:04:28.0225 5532 atinevxx (ca870dca79fb389657fc6777cc122653) C:\WINDOWS\system32\DRIVERS\atinevxx.sys
    19:04:28.0257 5532 atinevxx - ok
    19:04:28.0413 5532 atinrvxx (2a7fbeac77dba84cdac88409e3ed6afd) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
    19:04:28.0413 5532 atinrvxx - ok
    19:04:28.0491 5532 atitray - ok
    19:04:28.0647 5532 ATITUNEP (8c985ee304545b8613569a0a30be911d) C:\WINDOWS\system32\DRIVERS\atintuxx.sys
    19:04:28.0647 5532 ATITUNEP - ok
    19:04:28.0835 5532 ativraxx (2da08440551aaca2866326eb9f4d2647) C:\WINDOWS\system32\DRIVERS\atinraxx.sys
    19:04:28.0835 5532 ativraxx - ok
    19:04:29.0007 5532 ATIXSAudio (dc396a0d278527b9bb1e9bb340a79dae) C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
    19:04:29.0022 5532 ATIXSAudio - ok
    19:04:29.0163 5532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:04:29.0163 5532 Atmarpc - ok
    19:04:29.0288 5532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:04:29.0303 5532 audstub - ok
    19:04:29.0413 5532 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
    19:04:29.0428 5532 BANTExt - ok
    19:04:29.0600 5532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    19:04:29.0600 5532 Beep - ok
    19:04:29.0741 5532 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    19:04:29.0741 5532 BVRPMPR5 - ok
    19:04:29.0835 5532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:04:29.0835 5532 cbidf2k - ok
    19:04:29.0960 5532 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    19:04:29.0960 5532 CCDECODE - ok
    19:04:30.0053 5532 cd20xrnt - ok
    19:04:30.0163 5532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:04:30.0163 5532 Cdaudio - ok
    19:04:30.0288 5532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    19:04:30.0288 5532 Cdfs - ok
    19:04:30.0413 5532 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:04:30.0413 5532 Cdrom - ok
    19:04:30.0491 5532 Changer - ok
    19:04:30.0600 5532 cmdGuard (a2c97b4f0db351930d58f467948dc51d) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
    19:04:30.0616 5532 cmdGuard - ok
    19:04:30.0741 5532 cmdHlp (a736f2263310fee1799de88cb50c1023) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
    19:04:30.0741 5532 cmdHlp - ok
    19:04:30.0850 5532 CmdIde - ok
    19:04:30.0944 5532 CoolerXPDriver (ab6c82114ee1c9c0fe712f1e5e55c495) C:\Program Files\MSI\PC Alert 4\NTCooler.sys
    19:04:30.0944 5532 CoolerXPDriver - ok
    19:04:31.0038 5532 Cpqarray - ok
    19:04:31.0147 5532 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
    19:04:31.0147 5532 cpuz132 - ok
    19:04:31.0303 5532 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    19:04:31.0303 5532 ctsfm2k - ok
    19:04:31.0413 5532 dac2w2k - ok
    19:04:31.0460 5532 dac960nt - ok
    19:04:31.0569 5532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    19:04:31.0569 5532 Disk - ok
    19:04:31.0710 5532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    19:04:31.0710 5532 dmboot - ok
    19:04:31.0835 5532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    19:04:31.0835 5532 dmio - ok
    19:04:31.0928 5532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    19:04:31.0928 5532 dmload - ok
    19:04:32.0053 5532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    19:04:32.0053 5532 DMusic - ok
    19:04:32.0147 5532 dpti2o - ok
    19:04:32.0210 5532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    19:04:32.0210 5532 drmkaud - ok
    19:04:32.0303 5532 dsNcAdpt - ok
    19:04:32.0413 5532 E1000 (c42009e37e377ae55968768e521e05c3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
    19:04:32.0413 5532 E1000 - ok
    19:04:32.0616 5532 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    19:04:32.0616 5532 E100B - ok
    19:04:32.0757 5532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    19:04:32.0757 5532 Fastfat - ok
    19:04:32.0866 5532 fasttx2k (8958fc7f2df3c4f0a363a8644583485c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
    19:04:32.0866 5532 fasttx2k - ok
    19:04:32.0975 5532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    19:04:32.0975 5532 Fdc - ok
    19:04:33.0335 5532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:04:33.0335 5532 Fips - ok
    19:04:33.0413 5532 FLASHSYS - ok
    19:04:33.0585 5532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    19:04:33.0585 5532 Flpydisk - ok
    19:04:33.0710 5532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    19:04:33.0710 5532 FltMgr - ok
    19:04:33.0835 5532 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
    19:04:33.0835 5532 FlyUsb - ok
    19:04:33.0975 5532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:04:33.0975 5532 Fs_Rec - ok
    19:04:34.0069 5532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:04:34.0069 5532 Ftdisk - ok
    19:04:34.0194 5532 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    19:04:34.0194 5532 gameenum - ok
    19:04:34.0319 5532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    19:04:34.0319 5532 GEARAspiWDM - ok
    19:04:34.0428 5532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:04:34.0428 5532 Gpc - ok
    19:04:34.0616 5532 hcmon (aa90c2ece098a108a9178ac2c04a7649) C:\WINDOWS\system32\drivers\hcmon.sys
    19:04:34.0616 5532 hcmon - ok
    19:04:34.0741 5532 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:04:34.0741 5532 HidUsb - ok
    19:04:34.0819 5532 hpn - ok
    19:04:34.0944 5532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:04:34.0960 5532 HTTP - ok
    19:04:35.0053 5532 i2omgmt - ok
    19:04:35.0147 5532 i2omp - ok
    19:04:35.0241 5532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    19:04:35.0241 5532 i8042prt - ok
    19:04:35.0366 5532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:04:35.0366 5532 Imapi - ok
    19:04:35.0491 5532 ini910u - ok
    19:04:35.0632 5532 Inspect (456003490faa4a2361ceacbfb6409172) C:\WINDOWS\system32\DRIVERS\inspect.sys
    19:04:35.0632 5532 Inspect - ok
    19:04:35.0725 5532 IntelIde - ok
    19:04:35.0835 5532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    19:04:35.0835 5532 Ip6Fw - ok
    19:04:35.0960 5532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:04:35.0960 5532 IpFilterDriver - ok
    19:04:36.0069 5532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:04:36.0069 5532 IpInIp - ok
    19:04:36.0194 5532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:04:36.0194 5532 IpNat - ok
    19:04:36.0335 5532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:04:36.0335 5532 IPSec - ok
    19:04:36.0507 5532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:04:36.0507 5532 IRENUM - ok
    19:04:36.0663 5532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:04:36.0663 5532 isapnp - ok
    19:04:36.0788 5532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:04:36.0788 5532 Kbdclass - ok
    19:04:36.0913 5532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:04:36.0913 5532 kmixer - ok
    19:04:37.0022 5532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:04:37.0022 5532 KSecDD - ok
    19:04:37.0116 5532 lbrtfdc - ok
    19:04:37.0163 5532 mferkdk - ok
    19:04:37.0288 5532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:04:37.0288 5532 mnmdd - ok
    19:04:37.0413 5532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:04:37.0413 5532 Modem - ok
    19:04:37.0569 5532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:04:37.0585 5532 Mouclass - ok
    19:04:37.0694 5532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:04:37.0694 5532 MountMgr - ok
    19:04:37.0803 5532 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    19:04:37.0803 5532 MPE - ok
    19:04:37.0897 5532 mraid35x - ok
    19:04:38.0022 5532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:04:38.0022 5532 MRxDAV - ok
    19:04:38.0163 5532 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:04:38.0163 5532 MRxSmb - ok
    19:04:38.0303 5532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:04:38.0303 5532 Msfs - ok
    19:04:38.0694 5532 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
    19:04:38.0710 5532 MSI_MSIBIOS_010507 - ok
    19:04:38.0819 5532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:04:38.0819 5532 MSKSSRV - ok
    19:04:38.0928 5532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:04:38.0928 5532 MSPCLOCK - ok
    19:04:39.0053 5532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:04:39.0053 5532 MSPQM - ok
    19:04:39.0163 5532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:04:39.0163 5532 mssmbios - ok
    19:04:39.0288 5532 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    19:04:39.0288 5532 MSTEE - ok
    19:04:39.0413 5532 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:04:39.0413 5532 Mup - ok
    19:04:39.0522 5532 MVDCODEC (a2e9454c71e8eb989c09ea73c3d30528) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
    19:04:39.0522 5532 MVDCODEC - ok
    19:04:39.0725 5532 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    19:04:39.0725 5532 NABTSFEC - ok
    19:04:39.0850 5532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:04:39.0850 5532 NDIS - ok
    19:04:39.0975 5532 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    19:04:39.0975 5532 NdisIP - ok
    19:04:40.0100 5532 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:04:40.0100 5532 NdisTapi - ok
    19:04:40.0210 5532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:04:40.0210 5532 Ndisuio - ok
    19:04:40.0335 5532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:04:40.0350 5532 NdisWan - ok
    19:04:40.0522 5532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:04:40.0522 5532 NDProxy - ok
    19:04:40.0632 5532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:04:40.0632 5532 NetBIOS - ok
    19:04:40.0741 5532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:04:40.0741 5532 NetBT - ok
    19:04:40.0897 5532 nipplpt2 (90261461c75c1ef5db8de89a809dd3fb) C:\WINDOWS\system32\drivers\nipplpt.sys
    19:04:40.0897 5532 nipplpt2 - ok
    19:04:41.0022 5532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:04:41.0022 5532 Npfs - ok
    19:04:41.0163 5532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:04:41.0163 5532 Ntfs - ok
    19:04:41.0272 5532 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
    19:04:41.0272 5532 NTIOLib_1_0_4 - ok
    19:04:41.0444 5532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:04:41.0444 5532 Null - ok
    19:04:41.0600 5532 nvatabus (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
    19:04:41.0600 5532 nvatabus - ok
    19:04:41.0710 5532 NVENET (c8400ca70bf8a30156487bf887886432) C:\WINDOWS\system32\DRIVERS\NVENET.sys
    19:04:41.0710 5532 NVENET - ok
    19:04:41.0819 5532 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
    19:04:41.0835 5532 nv_agp - ok
    19:04:41.0944 5532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:04:41.0944 5532 NwlnkFlt - ok
    19:04:42.0053 5532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:04:42.0053 5532 NwlnkFwd - ok
    19:04:42.0163 5532 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    19:04:42.0163 5532 NwlnkIpx - ok
    19:04:42.0303 5532 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    19:04:42.0303 5532 NwlnkNb - ok
    19:04:42.0428 5532 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    19:04:42.0428 5532 NwlnkSpx - ok
    19:04:42.0616 5532 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    19:04:42.0616 5532 ossrv - ok
    19:04:42.0772 5532 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
    19:04:42.0788 5532 P17 - ok
    19:04:42.0913 5532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    19:04:42.0928 5532 Parport - ok
    19:04:43.0038 5532 Partizan (e228b03a922d46e29b88c4056861ee78) C:\WINDOWS\system32\drivers\Partizan.sys
    19:04:43.0038 5532 Partizan - ok
    19:04:43.0147 5532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:04:43.0147 5532 PartMgr - ok
    19:04:43.0257 5532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:04:43.0257 5532 ParVdm - ok
    19:04:43.0382 5532 PCDCODEC (aa42a27232c45968f03b2fe9c0b6c111) C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
    19:04:43.0382 5532 PCDCODEC - ok
    19:04:43.0538 5532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:04:43.0538 5532 PCI - ok
    19:04:43.0882 5532 PCIDump - ok
    19:04:43.0991 5532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:04:43.0991 5532 PCIIde - ok
    19:04:44.0100 5532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:04:44.0116 5532 Pcmcia - ok
    19:04:44.0225 5532 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
    19:04:44.0225 5532 Pcouffin - ok
    19:04:44.0350 5532 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
    19:04:44.0350 5532 PCTBD - ok
    19:04:44.0475 5532 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys
    19:04:44.0475 5532 PCTCore - ok
    19:04:44.0616 5532 PCTDMDefrag (c37e918f22a8cd4ee999056d1d58ec01) C:\WINDOWS\system32\drivers\PCTDMDefrag.sys
    19:04:44.0616 5532 PCTDMDefrag - ok
    19:04:44.0725 5532 pctDS (af08ec0f2093867ab955e24121ee7002) C:\WINDOWS\system32\drivers\pctDS.sys
    19:04:44.0741 5532 pctDS - ok
    19:04:44.0850 5532 PCTDSMon (93e866c1cbcc80e7ba52941c39985e35) C:\WINDOWS\system32\drivers\PCTDSMon.sys
    19:04:44.0850 5532 PCTDSMon - ok
    19:04:44.0975 5532 pctEFA (4b1b0cd45a047c0941f6b6151f6fb3c1) C:\WINDOWS\system32\drivers\pctEFA.sys
    19:04:44.0975 5532 pctEFA - ok
    19:04:45.0100 5532 pctgntdi (44fd6a1042c766df69bc6ba55780019d) C:\WINDOWS\system32\drivers\pctgntdi.sys
    19:04:45.0100 5532 pctgntdi - ok
    19:04:45.0210 5532 pctplsg (b5d22f79943e156bf8fabf1e4888820c) C:\WINDOWS\system32\drivers\pctplsg.sys
    19:04:45.0210 5532 pctplsg - ok
    19:04:45.0335 5532 PCTSD (86b9af53e46d0618d230608aed82622f) C:\WINDOWS\system32\Drivers\PCTSD.sys
    19:04:45.0335 5532 PCTSD - ok
    19:04:45.0428 5532 PDCOMP - ok
    19:04:45.0569 5532 PDFRAME - ok
    19:04:45.0647 5532 PDRELI - ok
    19:04:45.0725 5532 PDRFRAME - ok
    19:04:45.0819 5532 perc2 - ok
    19:04:45.0897 5532 perc2hib - ok
    19:04:46.0038 5532 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
    19:04:46.0038 5532 pnarp - ok
    19:04:46.0163 5532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:04:46.0163 5532 PptpMiniport - ok
    19:04:46.0288 5532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:04:46.0288 5532 PSched - ok
    19:04:46.0460 5532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:04:46.0460 5532 Ptilink - ok
    19:04:46.0569 5532 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
    19:04:46.0569 5532 purendis - ok
    19:04:46.0694 5532 PxHelp20 (fd9d44ec6d99edfa3782f870b7e00682) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    19:04:46.0694 5532 PxHelp20 - ok
    19:04:46.0788 5532 ql1080 - ok
    19:04:46.0866 5532 Ql10wnt - ok
    19:04:46.0960 5532 ql12160 - ok
    19:04:47.0038 5532 ql1240 - ok
    19:04:47.0100 5532 ql1280 - ok
    19:04:47.0210 5532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:04:47.0210 5532 RasAcd - ok
    19:04:47.0335 5532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:04:47.0335 5532 Rasl2tp - ok
    19:04:47.0460 5532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:04:47.0460 5532 RasPppoe - ok
    19:04:47.0569 5532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:04:47.0569 5532 Raspti - ok
    19:04:47.0694 5532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:04:47.0694 5532 Rdbss - ok
    19:04:47.0819 5532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:04:47.0819 5532 RDPCDD - ok
    19:04:47.0944 5532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:04:47.0944 5532 rdpdr - ok
    19:04:48.0085 5532 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:04:48.0085 5532 RDPWD - ok
    19:04:48.0210 5532 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:04:48.0210 5532 redbook - ok
    19:04:48.0366 5532 RRNetCap (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
    19:04:48.0366 5532 RRNetCap - ok
    19:04:48.0382 5532 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
    19:04:48.0382 5532 RRNetCapMP - ok
    19:04:48.0507 5532 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
    19:04:48.0507 5532 rspndr - ok
    19:04:48.0741 5532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:04:48.0741 5532 Secdrv - ok
    19:04:49.0116 5532 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    19:04:49.0116 5532 serenum - ok
    19:04:49.0225 5532 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    19:04:49.0225 5532 Serial - ok
    19:04:49.0350 5532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:04:49.0350 5532 Sfloppy - ok
    19:04:49.0475 5532 Simbad - ok
    19:04:49.0616 5532 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    19:04:49.0616 5532 SLIP - ok
    19:04:49.0741 5532 snapman (79555b34913cb5d1ea429d295c5a17ac) C:\WINDOWS\system32\DRIVERS\snapman.sys
    19:04:49.0741 5532 snapman - ok
    19:04:49.0835 5532 Sparrow - ok
    19:04:49.0882 5532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:04:49.0897 5532 splitter - ok
    19:04:50.0038 5532 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\system32\Drivers\sptd.sys
    19:04:50.0038 5532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 090adc3d9b5730ac3b20bdd5a54e2d28
    19:04:50.0038 5532 sptd ( LockedFile.Multi.Generic ) - warning
    19:04:50.0038 5532 sptd - detected LockedFile.Multi.Generic (1)
    19:04:50.0163 5532 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:04:50.0163 5532 sr - ok
    19:04:50.0319 5532 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:04:50.0319 5532 Srv - ok
    19:04:50.0507 5532 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    19:04:50.0507 5532 streamip - ok
    19:04:50.0647 5532 supersafer (28f0f7f8e4c9039289c80ca1385bc4b7) C:\WINDOWS\system32\drivers\supersafer.sys
    19:04:50.0647 5532 supersafer - ok
    19:04:50.0757 5532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:04:50.0757 5532 swenum - ok
    19:04:50.0866 5532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:04:50.0866 5532 swmidi - ok
    19:04:50.0960 5532 symc810 - ok
    19:04:51.0007 5532 symc8xx - ok
    19:04:51.0053 5532 sym_hi - ok
    19:04:51.0100 5532 sym_u3 - ok
    19:04:51.0178 5532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:04:51.0178 5532 sysaudio - ok
    19:04:51.0303 5532 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
    19:04:51.0303 5532 tbhsd - ok
    19:04:51.0444 5532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:04:51.0444 5532 Tcpip - ok
    19:04:51.0569 5532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:04:51.0569 5532 TDPIPE - ok
    19:04:51.0678 5532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:04:51.0678 5532 TDTCP - ok
    19:04:51.0788 5532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:04:51.0788 5532 TermDD - ok
    19:04:51.0913 5532 tifsfilter (18f20c81f84599bf457ed640891aad99) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    19:04:51.0913 5532 tifsfilter - ok
    19:04:52.0053 5532 timounter (7c31f485c2f8ce976280c86f3cb13d6c) C:\WINDOWS\system32\DRIVERS\timntr.sys
    19:04:52.0053 5532 timounter - ok
    19:04:52.0163 5532 TosIde - ok
    19:04:52.0225 5532 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
    19:04:52.0225 5532 TVICHW32 - ok
    19:04:52.0350 5532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:04:52.0366 5532 Udfs - ok
    19:04:52.0460 5532 ultra - ok
    19:04:52.0569 5532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:04:52.0569 5532 Update - ok
    19:04:52.0725 5532 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
    19:04:52.0725 5532 USBAAPL - ok
    19:04:52.0835 5532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:04:52.0835 5532 usbccgp - ok
    19:04:52.0960 5532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:04:52.0960 5532 usbehci - ok
    19:04:53.0053 5532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:04:53.0069 5532 usbhub - ok
    19:04:53.0178 5532 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    19:04:53.0178 5532 usbohci - ok
    19:04:53.0288 5532 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:04:53.0288 5532 usbprint - ok
    19:04:53.0397 5532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:04:53.0397 5532 USBSTOR - ok
    19:04:53.0522 5532 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
    19:04:53.0522 5532 vaxscsi - ok
    19:04:53.0632 5532 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
    19:04:53.0632 5532 VClone - ok
    19:04:53.0725 5532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:04:53.0725 5532 VgaSave - ok
    19:04:53.0835 5532 ViaIde - ok
    19:04:53.0944 5532 vmci (d02a1df2e6809fc9c2b1126fb264a3e3) C:\WINDOWS\system32\Drivers\vmci.sys
    19:04:53.0944 5532 vmci - ok
    19:04:54.0053 5532 vmkbd (097d71a222afae1fbe3e95a36aae32cc) C:\WINDOWS\system32\drivers\VMkbd.sys
    19:04:54.0053 5532 vmkbd - ok
    19:04:54.0428 5532 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
    19:04:54.0428 5532 VMnetAdapter - ok
    19:04:54.0538 5532 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
    19:04:54.0538 5532 VMnetBridge - ok
    19:04:54.0647 5532 VMnetuserif (fc7b0b68a2a4afbab81fbb8aeeda1d21) C:\WINDOWS\system32\drivers\vmnetuserif.sys
    19:04:54.0647 5532 VMnetuserif - ok
    19:04:54.0757 5532 VMparport (07853acc99421d5752a4205cd6298570) C:\WINDOWS\system32\Drivers\VMparport.sys
    19:04:54.0757 5532 VMparport - ok
    19:04:54.0866 5532 vmusb (25017db6451b002158db425961a82b7b) C:\WINDOWS\system32\Drivers\vmusb.sys
    19:04:54.0866 5532 vmusb - ok
    19:04:55.0022 5532 vmx86 (935582f833ba49b6265e66322c6fb382) C:\WINDOWS\system32\Drivers\vmx86.sys
    19:04:55.0038 5532 vmx86 - ok
    19:04:55.0147 5532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:04:55.0147 5532 VolSnap - ok
    19:04:55.0225 5532 vstor2-ws60 (e511cfb4b43b72cf9d1497e7c5bd1534) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
    19:04:55.0225 5532 vstor2-ws60 - ok
    19:04:55.0366 5532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:04:55.0366 5532 Wanarp - ok
    19:04:55.0460 5532 WDICA - ok
    19:04:55.0522 5532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:04:55.0522 5532 wdmaud - ok
    19:04:55.0710 5532 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:04:55.0710 5532 WS2IFSL - ok
    19:04:55.0835 5532 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
    19:04:55.0835 5532 WsAudio_DeviceS(1) - ok
    19:04:55.0975 5532 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
    19:04:55.0975 5532 WsAudio_DeviceS(2) - ok
    19:04:56.0100 5532 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
    19:04:56.0100 5532 WsAudio_DeviceS(3) - ok
    19:04:56.0225 5532 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
    19:04:56.0225 5532 WsAudio_DeviceS(4) - ok
    19:04:56.0366 5532 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
    19:04:56.0366 5532 WsAudio_DeviceS(5) - ok
    19:04:56.0507 5532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    19:04:56.0507 5532 WSTCODEC - ok
    19:04:56.0569 5532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    19:04:56.0569 5532 \Device\Harddisk1\DR1 - ok
    19:04:56.0585 5532 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
    19:04:56.0725 5532 \Device\Harddisk0\DR0 - ok
    19:04:56.0741 5532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
    19:04:56.0741 5532 \Device\Harddisk2\DR4 - ok
    19:04:56.0741 5532 Boot (0x1200) (6a49a88b5a194b4883f7c72364ba8fa2) \Device\Harddisk1\DR1\Partition0
    19:04:56.0757 5532 \Device\Harddisk1\DR1\Partition0 - ok
    19:04:56.0757 5532 Boot (0x1200) (2af75fd008e780901779de87fb211890) \Device\Harddisk0\DR0\Partition0
    19:04:56.0757 5532 \Device\Harddisk0\DR0\Partition0 - ok
    19:04:56.0772 5532 Boot (0x1200) (38cdca3378d7cd35e7d3f4cd363ff988) \Device\Harddisk2\DR4\Partition0
    19:04:56.0772 5532 \Device\Harddisk2\DR4\Partition0 - ok
    19:04:56.0772 5532 ============================================================
    19:04:56.0772 5532 Scan finished
    19:04:56.0772 5532 ============================================================
    19:04:56.0803 3684 Detected object count: 1
    19:04:56.0803 3684 Actual detected object count: 1
    19:14:18.0319 3684 sptd ( LockedFile.Multi.Generic ) - skipped by user
    19:14:18.0319 3684 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    19:14:24.0210 2152 Deinitialize success
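Reading a TDSSKiller log of this length by eye is error-prone, so here is an added example of how an analyst would triage it mechanically. This script is not part of the original post and is not TDSSKiller's or Kaspersky's code. It parses the line shapes that occur in the log above (an object line with an MD5 and path, a "Suspicious file" line, a "( verdict ) - status" line, and a plain "name - ok" / "name - detected" line), then reports every object that did not end up plainly ok and every MD5 that appears under more than one object. The embedded SAMPLE_LOG is a constructed excerpt whose names, hashes and paths are copied from the log above; the function and regex names are my own.

```python
"""Triage a TDSSKiller-style log: collect every scanned object, attach the
verdict/status lines logged for it, and report what is not plainly 'ok' plus
objects sharing an MD5 (an analyst pivot, not a verdict by itself)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the shape of the TDSSKiller log posted in this thread:
# names, hashes and paths are copied from it, cut down to a few lines.
SAMPLE_LOG = r"""
19:04:30.0053 5532 cd20xrnt - ok
19:04:48.0366 5532 RRNetCap (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
19:04:48.0366 5532 RRNetCap - ok
19:04:48.0382 5532 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
19:04:48.0382 5532 RRNetCapMP - ok
19:04:50.0038 5532 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\system32\Drivers\sptd.sys
19:04:50.0038 5532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 090adc3d9b5730ac3b20bdd5a54e2d28
19:04:50.0038 5532 sptd ( LockedFile.Multi.Generic ) - warning
19:04:50.0038 5532 sptd - detected LockedFile.Multi.Generic (1)
19:04:56.0569 5532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:04:56.0569 5532 \Device\Harddisk1\DR1 - ok
19:04:56.0741 5532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
19:04:56.0741 5532 \Device\Harddisk2\DR4 - ok
19:14:18.0319 3684 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+) (.*)$")  # time, thread id, message
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")  # "name (md5) path"
SUSPICIOUS_RE = re.compile(  # "Suspicious file (reason): path. md5: hash"
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
VERDICT_RE = re.compile(r"^(?P<key>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$")  # "key ( verdict ) - status"
STATUS_RE = re.compile(r"^(?P<key>.+?) - (?P<status>.+)$")  # "key - ok" / "key - detected X (n)"


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str]
    path: Optional[str]
    statuses: list = field(default_factory=list)
    verdicts: set = field(default_factory=set)
    notes: list = field(default_factory=list)

    def is_clean(self) -> bool:
        # Exactly one status, and it is 'ok', with nothing else logged for it.
        return self.statuses == ["ok"] and not self.verdicts and not self.notes


def parse_tdsskiller(text: str) -> list:
    """Return the scanned objects in log order, with later lines attached."""
    objects = []
    index = {}  # name -> object and path -> object; status lines use either

    def lookup(key):
        # Registry-only services ("cd20xrnt - ok") have no object line, so a
        # status line for an unknown key gets a placeholder without hash/path.
        if key not in index:
            index[key] = ScannedObject(key, None, None)
            objects.append(index[key])
        return index[key]

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, "Scan finished", counts, etc.
        msg = m.group(3)
        if (s := SUSPICIOUS_RE.match(msg)):
            lookup(s["path"]).notes.append(f"{s['reason']}: {s['path']}")
        elif (o := OBJECT_RE.match(msg)):
            obj = ScannedObject(o["name"], o["md5"], o["path"])
            objects.append(obj)
            index[o["name"]] = obj
            index[o["path"]] = obj  # MBR/boot entries are reported by path
        elif (v := VERDICT_RE.match(msg)):
            obj = lookup(v["key"])
            obj.verdicts.add(v["verdict"])
            obj.statuses.append(v["status"])
        elif (st := STATUS_RE.match(msg)):
            lookup(st["key"]).statuses.append(st["status"])
    return objects


def triage(text: str) -> dict:
    """Flag non-clean objects and group objects that share an MD5."""
    objects = parse_tdsskiller(text)
    by_hash = defaultdict(list)
    for obj in objects:
        if obj.md5:
            by_hash[obj.md5].append((obj.name, obj.path))
    return {
        "objects": objects,
        "flagged": [obj for obj in objects if not obj.is_clean()],
        "shared_hashes": {h: hits for h, hits in by_hash.items() if len(hits) > 1},
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{len(report['objects'])} objects scanned")
    for obj in report["flagged"]:
        print(f"FLAG {obj.name} md5={obj.md5} verdicts={sorted(obj.verdicts)} "
              f"statuses={obj.statuses} notes={obj.notes}")
    for md5, hits in report["shared_hashes"].items():
        print(f"SHARED {md5}: " + "; ".join(f"{n} -> {p}" for n, p in hits))
```

Run against the full log above, the only flagged object is sptd, and the attached "NoAccess" note says what LockedFile.Multi.Generic means here: the scanner could not open the file, which is a reason to look closer, not a malware verdict. The shared-hash output is there to be read with the same care. In the log above the RRNetCap/RRNetCapMP pair is one file registered under two service names, the five WsAudio_DeviceS(n) drivers are copies of one file, and the identical MBR hash on Harddisk1 and Harddisk2 means identical boot code on two disks; none of that is evidence by itself, but a hash that unexpectedly shows up under an unrelated driver name would be.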

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    That's fine. SPTD is your CD-ROM driver; it could possibly be infected, let's check further.


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Member
    Join Date
    Dec 2007
    Location
    Springfield MA, USA
    Posts
    32

    Default C

    Here is the combofix.txt

    ComboFix 12-01-18.04 - Admiral Turron 01/18/2012 19:54:02.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1264 [GMT -5:00]
    Running from: c:\documents and settings\Admiral Turron\Desktop\ComboFix.exe
    AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Admiral Turron\Application Data\GoogleEarthWinProSetup.exe
    c:\documents and settings\Admiral Turron\GoToAssistDownloadHelper.exe
    c:\documents and settings\Admiral Turron\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
    c:\windows\kb913800.exe
    c:\windows\system32\SET89.tmp
    c:\windows\system32\SET95.tmp
    c:\windows\system32\SETA2.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-17 18:51 . 2012-01-17 18:51 -------- d-----w- c:\documents and settings\Admiral Turron\Local Settings\Application Data\Temp
    2012-01-17 17:43 . 2012-01-17 17:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2012-01-13 16:06 . 2012-01-13 16:06 -------- d-----w- c:\documents and settings\Admiral Turron\Application Data\Curiolab
    2012-01-13 00:44 . 2012-01-13 00:44 98224 ----a-w- c:\windows\system32\drivers\36403866.sys
    2012-01-13 00:44 . 2012-01-13 00:44 187776 ----a-w- c:\windows\system32\drivers\tskA.tmp
    2012-01-13 00:39 . 2012-01-13 20:46 -------- d-----w- C:\TDSSKiller
    2012-01-10 23:16 . 2012-01-10 23:16 -------- d-----w- c:\program files\ERUNT
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-12-24 00:55 . 2011-12-24 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\WePrint
    2011-12-22 20:25 . 2012-01-09 01:56 -------- d-----w- c:\documents and settings\Administrator
    2011-12-22 01:33 . 2011-12-22 00:01 1915791 ----a-w- C:\weprintwin23.exe
    2011-12-22 01:31 . 2011-12-22 00:08 66048 ----a-w- c:\documents and settings\Admiral Turron\Application Data\WePrintCleanAfterBoot.exe
    2011-12-22 00:08 . 2011-12-27 02:36 -------- d-----w- c:\program files\WePrint
    2011-12-20 23:05 . 2011-12-20 23:05 -------- d-----w- c:\documents and settings\Admiral Turron\Application Data\PCTools
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-19 18:59 . 2010-09-11 04:40 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-12-19 18:59 . 2010-09-11 04:40 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 18:59 . 2010-09-11 04:40 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-12-19 18:59 . 2010-09-11 04:40 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 18:58 . 2011-11-27 01:28 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 18:58 . 2010-09-11 04:41 301224 ----a-w- c:\windows\system32\guard32.dll
    2011-12-12 00:19 . 2011-12-10 04:33 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-12-07 01:02 . 2011-07-27 01:47 119767706 ----a-w- c:\documents and settings\Admiral Turron\Application Data\hkey_local_machine.reg
    2011-12-02 00:11 . 2011-10-14 02:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-27 03:38 . 2011-11-27 03:38 3511776 ----a-w- C:\ccsetup312.exe
    2011-11-23 13:25 . 2007-02-03 17:11 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-23 00:43 . 2011-12-10 04:33 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-11-23 00:42 . 2011-12-10 04:33 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-11-23 00:41 . 2011-12-11 23:14 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2011-11-23 00:38 . 2011-12-10 04:33 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-11-14 21:07 . 2011-12-11 23:15 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-11-14 21:07 . 2011-12-11 23:15 2246608 ----a-w- c:\windows\PCTBDCore.dll
    2011-11-14 21:07 . 2011-12-11 23:15 1681360 ----a-w- c:\windows\PCTBDRes.dll
    2011-11-14 21:06 . 2011-12-11 23:15 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-11-14 20:12 . 2011-12-10 04:33 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-11-14 20:12 . 2011-12-10 04:33 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-11-04 19:20 . 2007-02-03 17:11 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 19:20 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 11:23 . 2004-08-04 03:59 385024 ------w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2007-02-03 16:53 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 05:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 23:47 . 2011-12-11 16:14 128120 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
    2011-10-25 23:47 . 2011-12-11 16:14 108864 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
    2011-10-25 23:46 . 2011-12-11 16:14 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
    2011-10-25 13:33 . 2007-02-03 16:52 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2006-10-30 03:27 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-09-19 84528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "nForce Tray Options"="sstray.exe" [2003-12-17 73728]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-10-20 53248]
    "iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-10-20 57344]
    "DynSite"="c:\program files\Noel Danjou\DynSite\DynSite.exe" [2007-05-24 1396080]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
    "ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 335872]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-02-15 98304]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\documents and settings\Admiral Turron\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2011-12-21 2401280]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
    2010-05-21 00:11 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-06-24 21:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-07-09 20:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-11-13 11:16 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "mfevtp"=2 (0x2)
    "McTaskManager"=2 (0x2)
    "McShield"=2 (0x2)
    "McAfeeFramework"=2 (0x2)
    "McAfeeEngineService"=2 (0x2)
    "McAfee SiteAdvisor Service"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Hummingbird\\Connectivity\\10.00\\Exceed\\exceed.exe"=
    "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\SSH Communications Security\\SSH Secure Shell\\SshClient.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "c:\\Program Files\\Acronis\\TrueImageConsole\\TrueImageRemoteConsole.exe"=
    "c:\\Program Files\\MSI\\Live Update 5\\LU5.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Admiral Turron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/9/2011 11:33 PM 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/9/2011 11:33 PM 341656]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/9/2011 11:33 PM 660992]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/17/2008 2:54 PM 611064]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 494816]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/10/2010 11:40 PM 31704]
    R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [12/2/2010 10:40 AM 34592]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/9/2011 11:33 PM 253096]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [12/9/2011 11:33 PM 185560]
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12/11/2011 6:15 PM 546768]
    R2 MSSQL$RECOVERYMANAGER;MSSQL$RECOVERYMANAGER;c:\program files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlservr.exe -sRECOVERYMANAGER --> c:\program files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlservr.exe -sRECOVERYMANAGER [?]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/11/2011 11:14 AM 793056]
    R2 RMFilestore;Recovery Manager Data Store;c:\program files\Winternals\Recovery Manager\FileStore.exe [4/11/2006 11:22 PM 854528]
    R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [7/26/2011 8:37 PM 354176]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/18/2008 11:12 PM 54960]
    R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/16/2009 10:17 PM 47360]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [12/11/2011 6:15 PM 56840]
    R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [12/21/2009 2:34 PM 31848]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/11/2011 10:13 PM 136176]
    S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [12/11/2011 11:14 AM 1038304]
    S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [12/11/2011 11:14 AM 1030112]
    S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/8/2011 1:50 PM 18560]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/11/2011 10:13 PM 136176]
    S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [7/9/2011 8:59 PM 25912]
    S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [7/9/2011 8:59 PM 7680]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2/11/2009 12:52 PM 34760]
    S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [12/11/2011 11:14 AM 108864]
    S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [12/11/2011 11:14 AM 128120]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/9/2011 11:33 PM 70536]
    S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [12/21/2009 2:34 PM 31848]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/9/2011 11:33 PM 402336]
    S3 SQLAgent$RECOVERYMANAGER;SQLAgent$RECOVERYMANAGER;c:\program files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlagent.EXE -i RECOVERYMANAGER --> c:\program files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlagent.EXE -i RECOVERYMANAGER [?]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [8/17/2008 3:08 PM 223128]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [4/11/2010 4:14 PM 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [4/11/2010 4:15 PM 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [4/11/2010 4:16 PM 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [4/11/2010 4:17 PM 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [4/11/2010 4:18 PM 25704]
    S4 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 10369355
    *NewlyCreated* - ASWMBR
    *Deregistered* - 10369355
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-12 03:13]
    .
    2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-12 03:13]
    .
    2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-839522115-1003Core.job
    - c:\documents and settings\Admiral Turron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-06 22:28]
    .
    2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-839522115-1003UA.job
    - c:\documents and settings\Admiral Turron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-06 22:28]
    .
    2011-06-18 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
    .
    2012-01-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-764733703-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-764733703-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.smith.edu/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    Trusted Zone: com.tw\www.msi
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: msi.com\www
    Trusted Zone: smith.edu\stod-kvm-a
    Trusted Zone: spybot.info\forums
    TCP: Interfaces\{446EA4A1-BEC5-47D1-A446-582624668906}: NameServer = 68.87.71.230,68.87.73.246
    TCP: Interfaces\{EEB7000A-24A5-4EDC-9B71-8D35124DE109}: NameServer = 68.87.71.230,68.87.73.246
    FF - ProfilePath - c:\documents and settings\Admiral Turron\Application Data\Mozilla\Firefox\Profiles\c8qz2hea.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.smith.edu
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Admiral Turron\Application Data\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-78499283.sys
    MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-18 20:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
    "ImagePath"="system32\drivers\tskA.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1040)
    c:\windows\system32\guard32.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'winlogon.exe'(2948)
    c:\windows\system32\guard32.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'lsass.exe'(1096)
    c:\windows\system32\guard32.dll
    c:\windows\system32\relog_ap.dll
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    - - - - - - - > 'csrss.exe'(1012)
    c:\windows\system32\cmdcsr.dll
    .
    - - - - - - - > 'csrss.exe'(3456)
    c:\windows\system32\cmdcsr.dll
    .
    Completion time: 2012-01-18 20:21:30
    ComboFix-quarantined-files.txt 2012-01-19 01:21
    .
    Pre-Run: 78,415,294,464 bytes free
    Post-Run: 79,005,110,272 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - CAC533329BB0AF00517EB57957EFB350

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    ComboFix logs take time to go over; in the meantime, please run this scanner.

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Double-click CKScanner.exe, then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Please Run this program only once
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Member
    Join Date
    Dec 2007
    Location
    Springfield MA, USA
    Posts
    32

    CKScanner ran

    Here is CKFiles.txt:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\ssh communications security\ssh secure shell\ssh-keygen2.exe
    c:\program files\winternals\recovery manager\authkeygen.exe
    scanner sequence 3.LB.11.SUNASE
    ----- EOF -----
