Bad, Bad Rootkit.TDSS.v2



Cal626
2012-01-11, 01:57
Hi,
My anti-virus software keeps finding Rootkit.TDSS.v2 and deleting it over and over and over. The only way I am able to get on the internet is to disable all of the startup items. I cannot even start anything in the Control Panel.

Here is DDS.txt
The attach.txt is attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
Run by Admiral Turron at 18:20:25 on 2012-01-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1079 [GMT -5:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\freeSSHd\FreeSSHDService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlservr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Winternals\Recovery Manager\filestore.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smith.edu/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: AutorunsDisabled - No File
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - Updater For XFIN_PORTAL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\admira~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: NoInstrumentation = 1
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: intuit.com\ttlc
Trusted Zone: msi.com\www
Trusted Zone: smith.edu\stod-kvm-a
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218942204500
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218942194859
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.smith.edu/dana-cached/setup/JuniperSetupSP1.cab
TCP: Interfaces\{446EA4A1-BEC5-47D1-A446-582624668906} : NameServer = 68.87.71.230,68.87.73.246
TCP: Interfaces\{97C302CB-1334-4BF2-8F91-80D138F03607} : DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{EEB7000A-24A5-4EDC-9B71-8D35124DE109} : NameServer = 68.87.71.230,68.87.73.246
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AutorunsDisabled - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,credssp.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admiral turron\application data\mozilla\firefox\profiles\c8qz2hea.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.smith.edu
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\documents and settings\admiral turron\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\admiral turron\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admiral turron\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admiral turron\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJPI150_16.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\admiral turron\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-9 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-9 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-9 660992]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 494816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 31704]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2010-12-2 34592]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-12-9 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-12-9 185560]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-12-11 546768]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1960584]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-14 12672]
R2 MSSQL$RECOVERYMANAGER;MSSQL$RECOVERYMANAGER;c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlservr.exe -srecoverymanager --> c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlservr.exe -sRECOVERYMANAGER [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-12-11 793056]
R2 RMFilestore;Recovery Manager Data Store;c:\program files\winternals\recovery manager\FileStore.exe [2006-4-11 854528]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-12-9 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-12-9 1117624]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2011-7-26 354176]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-18 54960]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-12-11 56840]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-12-9 70536]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 31848]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\pc tools\pc tools utilities\tools\defrag\DMDefragSrv.exe [2011-12-11 1038304]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\pc tools\pc tools utilities\tools\repair\DMRepairSrv.exe [2011-12-11 1030112]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\msi\live update 4\lu4\flashsys.sys --> c:\program files\msi\live update 4\lu4\FLASHSYS.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-1-8 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\msi\live update 5\msibios32_100507.sys [2011-7-9 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2011-7-9 7680]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-11 34760]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-11 108864]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-11 128120]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 31848]
S3 SQLAgent$RECOVERYMANAGER;SQLAgent$RECOVERYMANAGER;c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlagent.exe -i recoverymanager --> c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlagent.EXE -i RECOVERYMANAGER [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2008-8-17 223128]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-4-11 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-4-11 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-4-11 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-4-11 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-4-11 25704]
S4 atitray;atitray;\??\c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [?]
.
=============== Created Last 30 ================
.
2011-12-24 00:55:53 -------- d-----w- c:\documents and settings\all users\application data\WePrint
2011-12-22 01:33:07 1915791 ----a-w- C:\weprintwin23.exe
2011-12-22 01:31:39 66048 ----a-w- c:\documents and settings\admiral turron\application data\WePrintCleanAfterBoot.exe
2011-12-22 00:08:58 -------- d-----w- c:\program files\WePrint
2011-12-20 23:05:45 -------- d-----w- c:\documents and settings\admiral turron\application data\PCTools
2011-12-17 23:20:48 -------- d-----w- c:\program files\freeSSHd
2011-12-16 22:23:23 -------- d-----w- c:\documents and settings\admiral turron\application data\X10 Commander
2011-12-15 22:44:04 -------- d-----w- c:\windows\system32\IOSUBSYS
2011-12-15 22:39:17 -------- d-----w- c:\program files\common files\ATI
2011-12-15 22:37:32 516096 ------w- c:\windows\system32\ati2sgag.exe
2011-12-15 22:36:38 -------- d-----w- c:\program files\ATI Technologies
2011-12-12 15:25:47 -------- d-----w- c:\documents and settings\admiral turron\local settings\application data\Threat Expert
.
==================== Find3M ====================
.
2011-12-19 18:59:21 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59:20 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59:19 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58:56 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58:55 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-12 00:19:49 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-12-07 01:02:56 119767706 ----a-w- c:\documents and settings\admiral turron\application data\hkey_local_machine.reg
2011-12-02 00:11:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 03:38:20 3511776 ----a-w- C:\ccsetup312.exe
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 00:43:02 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 00:42:40 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-23 00:41:28 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-11-23 00:38:04 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-14 21:07:06 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-14 21:07:04 2246608 ----a-w- c:\windows\PCTBDCore.dll
2011-11-14 21:07:04 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-14 21:06:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-14 20:12:26 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-14 20:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 23:47:32 128120 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
2011-10-25 23:47:26 108864 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
2011-10-25 23:46:40 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 18:23:27.77 ===============

ken545
2012-01-19, 01:34
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR




Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Cal626
2012-01-19, 01:47
Hi,

Here is the log..

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-18 18:42:50
-----------------------------
18:42:50.632 OS Version: Windows 5.1.2600 Service Pack 3
18:42:50.632 Number of processors: 1 586 0xA00
18:42:50.647 ComputerName: antec UserName:
18:42:51.303 Initialize success
18:43:19.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:43:19.132 Disk 0 Vendor: ST3160021A 8.01 Size: 152627MB BusType: 3
18:43:19.132 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\fasttx2k1Port2Path0Target2Lun0
18:43:19.132 Disk 1 Vendor: Promise_ 1.10 Size: 114473MB BusType: 1
18:43:19.147 Disk 0 MBR read successfully
18:43:19.147 Disk 0 MBR scan
18:43:19.147 Disk 0 Windows XP default MBR code
18:43:19.147 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
18:43:19.163 Disk 0 scanning sectors +312576705
18:43:19.225 Disk 0 scanning C:\WINDOWS\system32\drivers
18:43:28.194 Service scanning
18:43:29.522 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:43:30.147 Modules scanning
18:43:34.928 Module: C:\WINDOWS\System32\Drivers\nvatabus.sys **SUSPICIOUS**
18:43:50.116 Disk 0 trace - called modules:
18:43:50.132 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys tskA.tmp hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8af8573c]<<
18:43:50.132 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af13ab8]
18:43:50.132 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> [0x8af3a920]
18:43:50.132 5 PCTCore.sys[f7222407] -> nt!IofCallDriver -> \Device\0000008c[0x8afc1a98]
18:43:50.132 7 tskA.tmp[f733e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af15940]
18:43:50.147 Scan finished successfully
18:44:08.803 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admiral Turron\Desktop\MBR.dat"
18:44:08.803 The log file has been saved successfully to "C:\Documents and Settings\Admiral Turron\Desktop\aswMBR.txt"
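The two indicators a responder would pull out of this aswMBR log (a `.tmp` module sitting in the disk I/O stack and an unresolved `>>UNKNOWN` hook after the last named driver) and out of TDSSKiller's per-driver `service (md5) path` lines (a core service such as ACPI whose image path is not its own `.sys`) can be checked mechanically. The script below is an added example, not part of the thread or of either tool; the allow-lists and the expected-filename map are assumptions a responder would maintain, and the sample lines are copied in the shape of the logs posted here.

```python
"""Added example: flag rootkit indicators in aswMBR and TDSSKiller log lines.

Not part of the forum thread or of either tool. Allow-lists below are assumptions.
"""
import re

# Modules that legitimately appear in a Windows XP IDE disk I/O path (assumed allow-list).
EXPECTED_DISK_STACK = {
    "ntoskrnl.exe", "classpnp.sys", "disk.sys", "hal.dll", "atapi.sys",
    "partmgr.sys", "pciide.sys", "pciidex.sys",
}
# Third-party filter drivers present on this machine (PC Tools, sptd); assumed benign.
KNOWN_FILTERS = {"pctcore.sys", "sptd.sys"}

# Core Windows services and the image file each one must point at (assumed map).
CORE_DRIVER_FILES = {
    "acpi": "acpi.sys", "atapi": "atapi.sys", "disk": "disk.sys",
    "ntfs": "ntfs.sys", "afd": "afd.sys", "tcpip": "tcpip.sys",
}

TRACE_HEADER_RE = re.compile(r"Disk (\d+) trace - called modules:")
TIMESTAMP_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# TDSSKiller driver line: "<time> <pid> <service> (<md5>) <path>"; services whose
# display name contains spaces are skipped by this simple pattern.
TDSS_LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")


def classify_module(name):
    """Return a finding string for one module in the disk trace, or None if expected."""
    low = name.lower()
    if low in EXPECTED_DISK_STACK or low in KNOWN_FILTERS:
        return None
    if low.endswith(".tmp"):
        return f"{name}: .tmp file loaded in the disk I/O path"
    return f"{name}: not an expected disk-stack module"


def check_aswmbr_trace(lines):
    """Inspect the 'called modules' line that follows each 'Disk N trace' header."""
    findings = []
    for i, line in enumerate(lines):
        hdr = TRACE_HEADER_RE.search(line)
        if not hdr or i + 1 >= len(lines):
            continue
        body = TIMESTAMP_RE.sub("", lines[i + 1].strip())
        unk = UNKNOWN_RE.search(body)
        if unk:
            # aswMBR could not attribute the lowest hook to any loaded module.
            findings.append(f"disk {hdr.group(1)}: unresolved hook at {unk.group(1)}")
            body = body[:unk.start()]
        for mod in body.split():
            verdict = classify_module(mod)
            if verdict:
                findings.append(f"disk {hdr.group(1)}: {verdict}")
    return findings


def check_tdss_lines(lines):
    """Flag core services whose image path is not the expected file, or not a driver."""
    findings = []
    for line in lines:
        m = TDSS_LINE_RE.match(line.strip())
        if not m:
            continue
        service, _md5, path = m.groups()
        fname = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        expected = CORE_DRIVER_FILES.get(service.lower())
        if expected and fname != expected:
            findings.append(f"{service}: image path is {fname}, expected {expected}")
        elif not fname.endswith((".sys", ".exe", ".dll")):
            findings.append(f"{service}: unusual driver extension in {path}")
    return findings


# Sample lines copied in the shape of the logs posted in this thread.
ASWMBR_SAMPLE = r"""18:43:50.116 Disk 0 trace - called modules:
18:43:50.132 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys tskA.tmp hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8af8573c]<<
18:43:50.132 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af13ab8]
18:43:50.132 7 tskA.tmp[f733e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af15940]
"""
TDSS_SAMPLE = r"""18:59:52.0585 5776 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tskA.tmp
18:59:52.0585 5776 ACPI - ok
18:59:54.0413 5776 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:00:04.0366 5776 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
"""

if __name__ == "__main__":
    for f in check_aswmbr_trace(ASWMBR_SAMPLE.splitlines()):
        print("aswMBR:", f)
    for f in check_tdss_lines(TDSS_SAMPLE.splitlines()):
        print("TDSSKiller:", f)
```

Run against the real log files, both checks fire on exactly the lines the helper acts on later in this thread; the Gpc line shows why the filename check is restricted to a known map rather than applied to every service.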

ken545
2012-01-19, 01:54
Hey,


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Cal626
2012-01-19, 02:32
Hi,
There was no cure option, only Skip, Copy to quarantine, and Delete. I clicked Continue and it finished. Here is part 1 of the log (too long for one post).

18:59:40.0600 3012 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
18:59:42.0616 3012 ============================================================
18:59:42.0616 3012 Current date / time: 2012/01/18 18:59:42.0616
18:59:42.0616 3012 SystemInfo:
18:59:42.0616 3012
18:59:42.0616 3012 OS Version: 5.1.2600 ServicePack: 3.0
18:59:42.0616 3012 Product type: Workstation
18:59:42.0616 3012 ComputerName: antec
18:59:42.0616 3012 UserName: Admiral Turron
18:59:42.0616 3012 Windows directory: C:\WINDOWS
18:59:42.0616 3012 System windows directory: C:\WINDOWS
18:59:42.0616 3012 Processor architecture: Intel x86
18:59:42.0616 3012 Number of processors: 1
18:59:42.0616 3012 Page size: 0x1000
18:59:42.0616 3012 Boot type: Normal boot
18:59:42.0616 3012 ============================================================
18:59:45.0960 3012 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2960000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
18:59:46.0007 3012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:59:46.0007 3012 Drive \Device\Harddisk2\DR4 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:59:46.0132 3012 Initialize success
18:59:51.0491 5776 ============================================================
18:59:51.0491 5776 Scan started
18:59:51.0491 5776 Mode: Manual;
18:59:51.0491 5776 ============================================================
18:59:52.0444 5776 Abiosdsk - ok
18:59:52.0507 5776 abp480n5 - ok
18:59:52.0585 5776 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tskA.tmp
18:59:52.0585 5776 ACPI - ok
18:59:52.0694 5776 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:59:52.0710 5776 ACPIEC - ok
18:59:52.0788 5776 adpu160m - ok
18:59:53.0303 5776 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:59:53.0303 5776 aec - ok
18:59:53.0413 5776 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:59:53.0413 5776 AFD - ok
18:59:53.0491 5776 Aha154x - ok
18:59:53.0585 5776 aic78u2 - ok
18:59:53.0663 5776 aic78xx - ok
18:59:53.0772 5776 AliIde - ok
18:59:53.0866 5776 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
18:59:53.0866 5776 AmdK7 - ok
18:59:53.0975 5776 amsint - ok
18:59:54.0085 5776 asc - ok
18:59:54.0147 5776 asc3350p - ok
18:59:54.0210 5776 asc3550 - ok
18:59:54.0288 5776 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:59:54.0288 5776 AsyncMac - ok
18:59:54.0413 5776 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:59:54.0413 5776 atapi - ok
18:59:54.0507 5776 Atdisk - ok
18:59:54.0585 5776 ATI Remote Wonder II (c7535e59be72f148f3c5efecadb2c54a) C:\WINDOWS\system32\drivers\ATIRWVD.SYS
18:59:54.0585 5776 ATI Remote Wonder II - ok
18:59:54.0725 5776 ati2mtag (b9aa7785f472a658436676cdaafc94da) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:59:54.0741 5776 ati2mtag - ok
18:59:54.0897 5776 ATIAVAIW (de216801d656910d1880af7274ac915e) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
18:59:54.0897 5776 ATIAVAIW - ok
18:59:55.0053 5776 atinevxx (ca870dca79fb389657fc6777cc122653) C:\WINDOWS\system32\DRIVERS\atinevxx.sys
18:59:55.0069 5776 atinevxx - ok
18:59:55.0163 5776 atinrvxx (2a7fbeac77dba84cdac88409e3ed6afd) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
18:59:55.0163 5776 atinrvxx - ok
18:59:55.0241 5776 atitray - ok
18:59:55.0350 5776 ATITUNEP (8c985ee304545b8613569a0a30be911d) C:\WINDOWS\system32\DRIVERS\atintuxx.sys
18:59:55.0350 5776 ATITUNEP - ok
18:59:55.0475 5776 ativraxx (2da08440551aaca2866326eb9f4d2647) C:\WINDOWS\system32\DRIVERS\atinraxx.sys
18:59:55.0475 5776 ativraxx - ok
18:59:55.0585 5776 ATIXSAudio (dc396a0d278527b9bb1e9bb340a79dae) C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
18:59:55.0585 5776 ATIXSAudio - ok
18:59:55.0694 5776 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:59:55.0694 5776 Atmarpc - ok
18:59:55.0819 5776 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:59:55.0819 5776 audstub - ok
18:59:55.0944 5776 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
18:59:55.0944 5776 BANTExt - ok
18:59:56.0085 5776 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:59:56.0085 5776 Beep - ok
18:59:56.0241 5776 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
18:59:56.0241 5776 BVRPMPR5 - ok
18:59:56.0382 5776 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:59:56.0382 5776 cbidf2k - ok
18:59:56.0491 5776 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:59:56.0507 5776 CCDECODE - ok
18:59:56.0600 5776 cd20xrnt - ok
18:59:56.0710 5776 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:59:56.0710 5776 Cdaudio - ok
18:59:56.0850 5776 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:59:56.0866 5776 Cdfs - ok
18:59:56.0975 5776 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:59:56.0975 5776 Cdrom - ok
18:59:57.0085 5776 Changer - ok
18:59:57.0241 5776 cmdGuard (a2c97b4f0db351930d58f467948dc51d) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
18:59:57.0257 5776 cmdGuard - ok
18:59:57.0382 5776 cmdHlp (a736f2263310fee1799de88cb50c1023) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
18:59:57.0382 5776 cmdHlp - ok
18:59:57.0460 5776 CmdIde - ok
18:59:57.0553 5776 CoolerXPDriver (ab6c82114ee1c9c0fe712f1e5e55c495) C:\Program Files\MSI\PC Alert 4\NTCooler.sys
18:59:57.0553 5776 CoolerXPDriver - ok
18:59:57.0647 5776 Cpqarray - ok
18:59:57.0772 5776 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
18:59:57.0772 5776 cpuz132 - ok
18:59:57.0897 5776 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
18:59:57.0897 5776 ctsfm2k - ok
18:59:58.0007 5776 dac2w2k - ok
18:59:58.0116 5776 dac960nt - ok
18:59:58.0428 5776 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:59:58.0428 5776 Disk - ok
18:59:58.0600 5776 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:59:58.0632 5776 dmboot - ok
18:59:58.0757 5776 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:59:58.0757 5776 dmio - ok
18:59:58.0897 5776 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:59:58.0897 5776 dmload - ok
18:59:59.0053 5776 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:59:59.0053 5776 DMusic - ok
18:59:59.0147 5776 dpti2o - ok
18:59:59.0210 5776 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:59:59.0210 5776 drmkaud - ok
18:59:59.0303 5776 dsNcAdpt - ok
18:59:59.0397 5776 E1000 (c42009e37e377ae55968768e521e05c3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
18:59:59.0413 5776 E1000 - ok
18:59:59.0538 5776 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:59:59.0538 5776 E100B - ok
18:59:59.0663 5776 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:59:59.0678 5776 Fastfat - ok
18:59:59.0803 5776 fasttx2k (8958fc7f2df3c4f0a363a8644583485c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
18:59:59.0803 5776 fasttx2k - ok
18:59:59.0960 5776 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:59:59.0960 5776 Fdc - ok
19:00:00.0350 5776 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:00:00.0350 5776 Fips - ok
19:00:00.0491 5776 FLASHSYS - ok
19:00:00.0882 5776 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:00:00.0882 5776 Flpydisk - ok
19:00:01.0803 5776 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:00:02.0272 5776 FltMgr - ok
19:00:02.0444 5776 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
19:00:02.0444 5776 FlyUsb - ok
19:00:02.0585 5776 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:00:02.0585 5776 Fs_Rec - ok
19:00:03.0835 5776 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:00:03.0850 5776 Ftdisk - ok
19:00:04.0100 5776 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:00:04.0100 5776 gameenum - ok
19:00:04.0241 5776 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:00:04.0241 5776 GEARAspiWDM - ok
19:00:04.0366 5776 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:00:04.0382 5776 Gpc - ok
19:00:04.0507 5776 hcmon (aa90c2ece098a108a9178ac2c04a7649) C:\WINDOWS\system32\drivers\hcmon.sys
19:00:04.0507 5776 hcmon - ok
19:00:04.0632 5776 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:00:04.0632 5776 HidUsb - ok
19:00:04.0757 5776 hpn - ok
19:00:04.0882 5776 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:00:04.0897 5776 HTTP - ok
19:00:05.0038 5776 i2omgmt - ok
19:00:05.0116 5776 i2omp - ok
19:00:05.0194 5776 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:00:05.0194 5776 i8042prt - ok
19:00:05.0538 5776 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:00:05.0538 5776 Imapi - ok
19:00:05.0632 5776 ini910u - ok
19:00:05.0694 5776 Inspect (456003490faa4a2361ceacbfb6409172) C:\WINDOWS\system32\DRIVERS\inspect.sys
19:00:05.0710 5776 Inspect - ok
19:00:05.0803 5776 IntelIde - ok
19:00:05.0928 5776 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:00:05.0928 5776 Ip6Fw - ok
19:00:06.0085 5776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:00:06.0085 5776 IpFilterDriver - ok
19:00:06.0225 5776 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:00:06.0225 5776 IpInIp - ok
19:00:06.0366 5776 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:00:06.0382 5776 IpNat - ok
19:00:06.0507 5776 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:00:06.0507 5776 IPSec - ok
19:00:06.0616 5776 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:00:06.0616 5776 IRENUM - ok
19:00:06.0757 5776 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:00:06.0757 5776 isapnp - ok
19:00:06.0897 5776 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:00:06.0897 5776 Kbdclass - ok
19:00:07.0022 5776 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:00:07.0022 5776 kmixer - ok
19:00:07.0132 5776 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:00:07.0132 5776 KSecDD - ok
19:00:07.0241 5776 lbrtfdc - ok
19:00:07.0288 5776 mferkdk - ok
19:00:07.0397 5776 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:00:07.0397 5776 mnmdd - ok
19:00:07.0538 5776 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:00:07.0538 5776 Modem - ok
19:00:07.0647 5776 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:00:07.0647 5776 Mouclass - ok
19:00:07.0819 5776 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:00:07.0819 5776 MountMgr - ok
19:00:07.0975 5776 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
19:00:07.0975 5776 MPE - ok
19:00:08.0085 5776 mraid35x - ok
19:00:08.0272 5776 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:00:08.0288 5776 MRxDAV - ok
19:00:08.0444 5776 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:00:08.0491 5776 MRxSmb - ok
19:00:08.0632 5776 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:00:08.0632 5776 Msfs - ok
19:00:08.0741 5776 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
19:00:08.0741 5776 MSI_MSIBIOS_010507 - ok
19:00:08.0882 5776 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:00:08.0882 5776 MSKSSRV - ok
19:00:08.0991 5776 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:00:08.0991 5776 MSPCLOCK - ok
19:00:09.0100 5776 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:00:09.0116 5776 MSPQM - ok
19:00:09.0272 5776 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:00:09.0272 5776 mssmbios - ok
19:00:09.0397 5776 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:00:09.0397 5776 MSTEE - ok
19:00:09.0522 5776 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:00:09.0522 5776 Mup - ok
19:00:09.0632 5776 MVDCODEC (a2e9454c71e8eb989c09ea73c3d30528) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
19:00:09.0632 5776 MVDCODEC - ok
19:00:09.0741 5776 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:00:09.0741 5776 NABTSFEC - ok
19:00:09.0882 5776 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:00:09.0897 5776 NDIS - ok
19:00:10.0022 5776 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:00:10.0022 5776 NdisIP - ok
19:00:10.0132 5776 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:00:10.0132 5776 NdisTapi - ok
19:00:10.0272 5776 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:00:10.0272 5776 Ndisuio - ok
19:00:10.0382 5776 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:00:10.0382 5776 NdisWan - ok
19:00:10.0507 5776 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:00:10.0507 5776 NDProxy - ok
19:00:10.0616 5776 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:00:10.0616 5776 NetBIOS - ok
19:00:10.0741 5776 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:00:10.0741 5776 NetBT - ok
19:00:10.0882 5776 nipplpt2 (90261461c75c1ef5db8de89a809dd3fb) C:\WINDOWS\system32\drivers\nipplpt.sys
19:00:10.0882 5776 nipplpt2 - ok
19:00:11.0022 5776 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:00:11.0022 5776 Npfs - ok
19:00:11.0147 5776 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:00:11.0163 5776 Ntfs - ok
19:00:11.0272 5776 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
19:00:11.0272 5776 NTIOLib_1_0_4 - ok
19:00:11.0428 5776 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:00:11.0428 5776 Null - ok
19:00:11.0538 5776 nvatabus (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
19:00:11.0538 5776 nvatabus - ok
19:00:11.0663 5776 NVENET (c8400ca70bf8a30156487bf887886432) C:\WINDOWS\system32\DRIVERS\NVENET.sys
19:00:11.0678 5776 NVENET - ok
19:00:11.0819 5776 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
19:00:11.0819 5776 nv_agp - ok
19:00:11.0960 5776 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:00:11.0960 5776 NwlnkFlt - ok
19:00:12.0069 5776 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:00:12.0069 5776 NwlnkFwd - ok
19:00:12.0178 5776 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:00:12.0178 5776 NwlnkIpx - ok
19:00:12.0335 5776 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:00:12.0335 5776 NwlnkNb - ok
19:00:12.0444 5776 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:00:12.0444 5776 NwlnkSpx - ok
19:00:12.0600 5776 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
19:00:12.0600 5776 ossrv - ok
19:00:12.0741 5776 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
19:00:12.0788 5776 P17 - ok
19:00:12.0913 5776 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:00:12.0913 5776 Parport - ok
19:00:13.0022 5776 Partizan (e228b03a922d46e29b88c4056861ee78) C:\WINDOWS\system32\drivers\Partizan.sys
19:00:13.0022 5776 Partizan - ok
19:00:13.0132 5776 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:00:13.0132 5776 PartMgr - ok
19:00:13.0288 5776 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:00:13.0288 5776 ParVdm - ok
19:00:13.0397 5776 PCDCODEC (aa42a27232c45968f03b2fe9c0b6c111) C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
19:00:13.0397 5776 PCDCODEC - ok
19:00:14.0194 5776 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:00:14.0210 5776 PCI - ok
19:00:14.0288 5776 PCIDump - ok
19:00:14.0428 5776 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:00:14.0428 5776 PCIIde - ok
19:00:14.0553 5776 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:00:14.0553 5776 Pcmcia - ok
19:00:14.0678 5776 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
19:00:14.0678 5776 Pcouffin - ok
19:00:14.0788 5776 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
19:00:14.0788 5776 PCTBD - ok
19:00:14.0928 5776 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys
19:00:14.0960 5776 PCTCore - ok
19:00:15.0085 5776 PCTDMDefrag (c37e918f22a8cd4ee999056d1d58ec01) C:\WINDOWS\system32\drivers\PCTDMDefrag.sys
19:00:15.0085 5776 PCTDMDefrag - ok
19:00:15.0210 5776 pctDS (af08ec0f2093867ab955e24121ee7002) C:\WINDOWS\system32\drivers\pctDS.sys
19:00:15.0225 5776 pctDS - ok
19:00:15.0350 5776 PCTDSMon (93e866c1cbcc80e7ba52941c39985e35) C:\WINDOWS\system32\drivers\PCTDSMon.sys
19:00:15.0350 5776 PCTDSMon - ok
19:00:15.0475 5776 pctEFA (4b1b0cd45a047c0941f6b6151f6fb3c1) C:\WINDOWS\system32\drivers\pctEFA.sys
19:00:15.0538 5776 pctEFA - ok
19:00:15.0663 5776 pctgntdi (44fd6a1042c766df69bc6ba55780019d) C:\WINDOWS\system32\drivers\pctgntdi.sys
19:00:15.0663 5776 pctgntdi - ok
19:00:15.0803 5776 pctplsg (b5d22f79943e156bf8fabf1e4888820c) C:\WINDOWS\system32\drivers\pctplsg.sys
19:00:15.0803 5776 pctplsg - ok
19:00:15.0944 5776 PCTSD (86b9af53e46d0618d230608aed82622f) C:\WINDOWS\system32\Drivers\PCTSD.sys
19:00:15.0944 5776 PCTSD - ok
19:00:16.0053 5776 PDCOMP - ok
19:00:16.0132 5776 PDFRAME - ok
19:00:16.0225 5776 PDRELI - ok
19:00:16.0272 5776 PDRFRAME - ok
19:00:16.0319 5776 perc2 - ok
19:00:16.0366 5776 perc2hib - ok
19:00:16.0507 5776 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
19:00:16.0507 5776 pnarp - ok
19:00:16.0647 5776 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:00:16.0647 5776 PptpMiniport - ok
19:00:16.0772 5776 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:00:16.0772 5776 PSched - ok
19:00:16.0928 5776 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:00:16.0928 5776 Ptilink - ok
19:00:17.0038 5776 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
19:00:17.0038 5776 purendis - ok
19:00:17.0163 5776 PxHelp20 (fd9d44ec6d99edfa3782f870b7e00682) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
19:00:17.0163 5776 PxHelp20 - ok
19:00:17.0257 5776 ql1080 - ok
19:00:17.0350 5776 Ql10wnt - ok
19:00:17.0413 5776 ql12160 - ok
19:00:17.0460 5776 ql1240 - ok
19:00:17.0507 5776 ql1280 - ok
19:00:17.0585 5776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:00:17.0585 5776 RasAcd - ok
19:00:17.0694 5776 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:00:17.0694 5776 Rasl2tp - ok
19:00:17.0835 5776 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:00:17.0835 5776 RasPppoe - ok
19:00:17.0975 5776 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:00:17.0975 5776 Raspti - ok
19:00:18.0085 5776 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:00:18.0100 5776 Rdbss - ok
19:00:18.0194 5776 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:00:18.0194 5776 RDPCDD - ok
19:00:18.0335 5776 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:00:18.0335 5776 rdpdr - ok
19:00:18.0522 5776 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:00:18.0522 5776 RDPWD - ok
19:00:18.0710 5776 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:00:18.0710 5776 redbook - ok
19:00:18.0866 5776 RRNetCap (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
19:00:18.0866 5776 RRNetCap - ok
19:00:18.0882 5776 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
19:00:18.0882 5776 RRNetCapMP - ok
19:00:19.0022 5776 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:00:19.0022 5776 rspndr - ok
19:00:19.0491 5776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:00:19.0491 5776 Secdrv - ok
19:00:19.0678 5776 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:00:19.0678 5776 serenum - ok
19:00:19.0882 5776 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:00:19.0882 5776 Serial - ok
19:00:20.0022 5776 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:00:20.0022 5776 Sfloppy - ok
19:00:20.0116 5776 Simbad - ok
19:00:20.0210 5776 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:00:20.0210 5776 SLIP - ok
19:00:20.0335 5776 snapman (79555b34913cb5d1ea429d295c5a17ac) C:\WINDOWS\system32\DRIVERS\snapman.sys
19:00:20.0335 5776 snapman - ok
19:00:20.0444 5776 Sparrow - ok
19:00:20.0632 5776 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:00:20.0647 5776 splitter - ok
19:00:20.0835 5776 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\system32\Drivers\sptd.sys
19:00:20.0835 5776 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 090adc3d9b5730ac3b20bdd5a54e2d28
19:00:20.0835 5776 sptd ( LockedFile.Multi.Generic ) - warning
19:00:20.0835 5776 sptd - detected LockedFile.Multi.Generic (1)
19:00:20.0991 5776 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:00:20.0991 5776 sr - ok
19:00:21.0132 5776 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:00:21.0163 5776 Srv - ok
19:00:21.0335 5776 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:00:21.0335 5776 streamip - ok
19:00:21.0522 5776 supersafer (28f0f7f8e4c9039289c80ca1385bc4b7) C:\WINDOWS\system32\drivers\supersafer.sys
19:00:21.0522 5776 supersafer - ok
19:00:21.0647 5776 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:00:21.0647 5776 swenum - ok
19:00:21.0772 5776 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:00:21.0772 5776 swmidi - ok
19:00:21.0897 5776 symc810 - ok
19:00:21.0991 5776 symc8xx - ok
19:00:22.0085 5776 sym_hi - ok
19:00:22.0178 5776 sym_u3 - ok
19:00:22.0303 5776 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:00:22.0303 5776 sysaudio - ok
19:00:22.0460 5776 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
19:00:22.0460 5776 tbhsd - ok
19:00:22.0585 5776 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:00:22.0600 5776 Tcpip - ok
19:00:22.0710 5776 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:00:22.0710 5776 TDPIPE - ok
19:00:22.0850 5776 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:00:22.0850 5776 TDTCP - ok
19:00:22.0975 5776 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:00:22.0991 5776 TermDD - ok
19:00:23.0116 5776 tifsfilter (18f20c81f84599bf457ed640891aad99) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
19:00:23.0116 5776 tifsfilter - ok
19:00:23.0241 5776 timounter (7c31f485c2f8ce976280c86f3cb13d6c) C:\WINDOWS\system32\DRIVERS\timntr.sys
19:00:23.0257 5776 timounter - ok
19:00:23.0366 5776 TosIde - ok
19:00:23.0475 5776 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
19:00:23.0475 5776 TVICHW32 - ok
19:00:23.0600 5776 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:00:23.0600 5776 Udfs - ok
19:00:23.0710 5776 ultra - ok
19:00:23.0819 5776 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:00:23.0835 5776 Update - ok
19:00:23.0975 5776 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:00:23.0975 5776 USBAAPL - ok
19:00:24.0085 5776 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:00:24.0085 5776 usbccgp - ok
19:00:24.0210 5776 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:00:24.0210 5776 usbehci - ok
19:00:24.0303 5776 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:00:24.0319 5776 usbhub - ok
19:00:24.0413 5776 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:00:24.0413 5776 usbohci - ok
19:00:24.0522 5776 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:00:24.0522 5776 usbprint - ok
19:00:24.0632 5776 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:00:24.0632 5776 USBSTOR - ok
19:00:24.0757 5776 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
19:00:24.0772 5776 vaxscsi - ok
19:00:24.0897 5776 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
19:00:24.0897 5776 VClone - ok
19:00:25.0007 5776 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:00:25.0007 5776 VgaSave - ok
19:00:25.0100 5776 ViaIde - ok
19:00:25.0210 5776 vmci (d02a1df2e6809fc9c2b1126fb264a3e3) C:\WINDOWS\system32\Drivers\vmci.sys
19:00:25.0210 5776 vmci - ok
19:00:25.0319 5776 vmkbd (097d71a222afae1fbe3e95a36aae32cc) C:\WINDOWS\system32\drivers\VMkbd.sys
19:00:25.0319 5776 vmkbd - ok
19:00:25.0428 5776 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
19:00:25.0428 5776 VMnetAdapter - ok
19:00:25.0538 5776 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
19:00:25.0538 5776 VMnetBridge - ok
19:00:25.0647 5776 VMnetuserif (fc7b0b68a2a4afbab81fbb8aeeda1d21) C:\WINDOWS\system32\drivers\vmnetuserif.sys
19:00:25.0663 5776 VMnetuserif - ok
19:00:25.0772 5776 VMparport (07853acc99421d5752a4205cd6298570) C:\WINDOWS\system32\Drivers\VMparport.sys
19:00:25.0772 5776 VMparport - ok
19:00:25.0897 5776 vmusb (25017db6451b002158db425961a82b7b) C:\WINDOWS\system32\Drivers\vmusb.sys
19:00:25.0897 5776 vmusb - ok
19:00:26.0085 5776 vmx86 (935582f833ba49b6265e66322c6fb382) C:\WINDOWS\system32\Drivers\vmx86.sys
19:00:26.0116 5776 vmx86 - ok
19:00:26.0241 5776 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:00:26.0241 5776 VolSnap - ok
19:00:26.0319 5776 vstor2-ws60 (e511cfb4b43b72cf9d1497e7c5bd1534) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
19:00:26.0319 5776 vstor2-ws60 - ok
19:00:26.0444 5776 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:00:26.0460 5776 Wanarp - ok
19:00:26.0538 5776 WDICA - ok
19:00:26.0600 5776 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:00:26.0600 5776 wdmaud - ok
19:00:26.0819 5776 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:00:26.0819 5776 WS2IFSL - ok
19:00:26.0960 5776 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
19:00:26.0960 5776 WsAudio_DeviceS(1) - ok
19:00:27.0085 5776 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
19:00:27.0085 5776 WsAudio_DeviceS(2) - ok
19:00:27.0225 5776 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
19:00:27.0225 5776 WsAudio_DeviceS(3) - ok
19:00:27.0335 5776 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
19:00:27.0335 5776 WsAudio_DeviceS(4) - ok
19:00:27.0444 5776 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
19:00:27.0444 5776 WsAudio_DeviceS(5) - ok
19:00:27.0569 5776 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:00:27.0585 5776 WSTCODEC - ok
19:00:27.0647 5776 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:00:27.0647 5776 \Device\Harddisk1\DR1 - ok
19:00:27.0663 5776 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
19:00:27.0803 5776 \Device\Harddisk0\DR0 - ok
19:00:27.0819 5776 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
19:00:27.0819 5776 \Device\Harddisk2\DR4 - ok
19:00:27.0835 5776 Boot (0x1200) (6a49a88b5a194b4883f7c72364ba8fa2) \Device\Harddisk1\DR1\Partition0
19:00:27.0835 5776 \Device\Harddisk1\DR1\Partition0 - ok
19:00:27.0866 5776 Boot (0x1200) (2af75fd008e780901779de87fb211890) \Device\Harddisk0\DR0\Partition0
19:00:27.0866 5776 \Device\Harddisk0\DR0\Partition0 - ok
19:00:27.0882 5776 Boot (0x1200) (38cdca3378d7cd35e7d3f4cd363ff988) \Device\Harddisk2\DR4\Partition0
19:00:27.0882 5776 \Device\Harddisk2\DR4\Partition0 - ok
19:00:27.0882 5776 ============================================================

Cal626
2012-01-19, 02:33
Here is part 2....


19:00:27.0882 5776 Scan finished
19:00:27.0882 5776 ============================================================
19:00:27.0897 4668 Detected object count: 1
19:00:27.0897 4668 Actual detected object count: 1
19:01:45.0147 4668 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:01:45.0147 4668 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:04:25.0116 5532 ============================================================
19:04:25.0116 5532 Scan started
19:04:25.0116 5532 Mode: Manual;
19:04:25.0116 5532 ============================================================
19:04:25.0835 5532 Abiosdsk - ok
19:04:25.0913 5532 abp480n5 - ok
19:04:26.0085 5532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tskA.tmp
19:04:26.0085 5532 ACPI - ok
19:04:26.0194 5532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:04:26.0194 5532 ACPIEC - ok
19:04:26.0288 5532 adpu160m - ok
19:04:26.0366 5532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:04:26.0366 5532 aec - ok
19:04:26.0491 5532 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:04:26.0491 5532 AFD - ok
19:04:26.0632 5532 Aha154x - ok
19:04:26.0725 5532 aic78u2 - ok
19:04:26.0803 5532 aic78xx - ok
19:04:26.0897 5532 AliIde - ok
19:04:27.0007 5532 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
19:04:27.0007 5532 AmdK7 - ok
19:04:27.0100 5532 amsint - ok
19:04:27.0194 5532 asc - ok
19:04:27.0272 5532 asc3350p - ok
19:04:27.0366 5532 asc3550 - ok
19:04:27.0569 5532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:04:27.0569 5532 AsyncMac - ok
19:04:27.0678 5532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:04:27.0694 5532 atapi - ok
19:04:27.0772 5532 Atdisk - ok
19:04:27.0850 5532 ATI Remote Wonder II (c7535e59be72f148f3c5efecadb2c54a) C:\WINDOWS\system32\drivers\ATIRWVD.SYS
19:04:27.0866 5532 ATI Remote Wonder II - ok
19:04:27.0991 5532 ati2mtag (b9aa7785f472a658436676cdaafc94da) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:04:27.0991 5532 ati2mtag - ok
19:04:28.0100 5532 ATIAVAIW (de216801d656910d1880af7274ac915e) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
19:04:28.0100 5532 ATIAVAIW - ok
19:04:28.0225 5532 atinevxx (ca870dca79fb389657fc6777cc122653) C:\WINDOWS\system32\DRIVERS\atinevxx.sys
19:04:28.0257 5532 atinevxx - ok
19:04:28.0413 5532 atinrvxx (2a7fbeac77dba84cdac88409e3ed6afd) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
19:04:28.0413 5532 atinrvxx - ok
19:04:28.0491 5532 atitray - ok
19:04:28.0647 5532 ATITUNEP (8c985ee304545b8613569a0a30be911d) C:\WINDOWS\system32\DRIVERS\atintuxx.sys
19:04:28.0647 5532 ATITUNEP - ok
19:04:28.0835 5532 ativraxx (2da08440551aaca2866326eb9f4d2647) C:\WINDOWS\system32\DRIVERS\atinraxx.sys
19:04:28.0835 5532 ativraxx - ok
19:04:29.0007 5532 ATIXSAudio (dc396a0d278527b9bb1e9bb340a79dae) C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
19:04:29.0022 5532 ATIXSAudio - ok
19:04:29.0163 5532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:04:29.0163 5532 Atmarpc - ok
19:04:29.0288 5532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:04:29.0303 5532 audstub - ok
19:04:29.0413 5532 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
19:04:29.0428 5532 BANTExt - ok
19:04:29.0600 5532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:04:29.0600 5532 Beep - ok
19:04:29.0741 5532 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
19:04:29.0741 5532 BVRPMPR5 - ok
19:04:29.0835 5532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:04:29.0835 5532 cbidf2k - ok
19:04:29.0960 5532 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:04:29.0960 5532 CCDECODE - ok
19:04:30.0053 5532 cd20xrnt - ok
19:04:30.0163 5532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:04:30.0163 5532 Cdaudio - ok
19:04:30.0288 5532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:04:30.0288 5532 Cdfs - ok
19:04:30.0413 5532 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:04:30.0413 5532 Cdrom - ok
19:04:30.0491 5532 Changer - ok
19:04:30.0600 5532 cmdGuard (a2c97b4f0db351930d58f467948dc51d) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
19:04:30.0616 5532 cmdGuard - ok
19:04:30.0741 5532 cmdHlp (a736f2263310fee1799de88cb50c1023) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
19:04:30.0741 5532 cmdHlp - ok
19:04:30.0850 5532 CmdIde - ok
19:04:30.0944 5532 CoolerXPDriver (ab6c82114ee1c9c0fe712f1e5e55c495) C:\Program Files\MSI\PC Alert 4\NTCooler.sys
19:04:30.0944 5532 CoolerXPDriver - ok
19:04:31.0038 5532 Cpqarray - ok
19:04:31.0147 5532 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
19:04:31.0147 5532 cpuz132 - ok
19:04:31.0303 5532 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
19:04:31.0303 5532 ctsfm2k - ok
19:04:31.0413 5532 dac2w2k - ok
19:04:31.0460 5532 dac960nt - ok
19:04:31.0569 5532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:04:31.0569 5532 Disk - ok
19:04:31.0710 5532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:04:31.0710 5532 dmboot - ok
19:04:31.0835 5532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:04:31.0835 5532 dmio - ok
19:04:31.0928 5532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:04:31.0928 5532 dmload - ok
19:04:32.0053 5532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:04:32.0053 5532 DMusic - ok
19:04:32.0147 5532 dpti2o - ok
19:04:32.0210 5532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:04:32.0210 5532 drmkaud - ok
19:04:32.0303 5532 dsNcAdpt - ok
19:04:32.0413 5532 E1000 (c42009e37e377ae55968768e521e05c3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
19:04:32.0413 5532 E1000 - ok
19:04:32.0616 5532 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:04:32.0616 5532 E100B - ok
19:04:32.0757 5532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:04:32.0757 5532 Fastfat - ok
19:04:32.0866 5532 fasttx2k (8958fc7f2df3c4f0a363a8644583485c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
19:04:32.0866 5532 fasttx2k - ok
19:04:32.0975 5532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:04:32.0975 5532 Fdc - ok
19:04:33.0335 5532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:04:33.0335 5532 Fips - ok
19:04:33.0413 5532 FLASHSYS - ok
19:04:33.0585 5532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:04:33.0585 5532 Flpydisk - ok
19:04:33.0710 5532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:04:33.0710 5532 FltMgr - ok
19:04:33.0835 5532 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
19:04:33.0835 5532 FlyUsb - ok
19:04:33.0975 5532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:04:33.0975 5532 Fs_Rec - ok
19:04:34.0069 5532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:04:34.0069 5532 Ftdisk - ok
19:04:34.0194 5532 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:04:34.0194 5532 gameenum - ok
19:04:34.0319 5532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:04:34.0319 5532 GEARAspiWDM - ok
19:04:34.0428 5532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:04:34.0428 5532 Gpc - ok
19:04:34.0616 5532 hcmon (aa90c2ece098a108a9178ac2c04a7649) C:\WINDOWS\system32\drivers\hcmon.sys
19:04:34.0616 5532 hcmon - ok
19:04:34.0741 5532 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:04:34.0741 5532 HidUsb - ok
19:04:34.0819 5532 hpn - ok
19:04:34.0944 5532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:04:34.0960 5532 HTTP - ok
19:04:35.0053 5532 i2omgmt - ok
19:04:35.0147 5532 i2omp - ok
19:04:35.0241 5532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:04:35.0241 5532 i8042prt - ok
19:04:35.0366 5532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:04:35.0366 5532 Imapi - ok
19:04:35.0491 5532 ini910u - ok
19:04:35.0632 5532 Inspect (456003490faa4a2361ceacbfb6409172) C:\WINDOWS\system32\DRIVERS\inspect.sys
19:04:35.0632 5532 Inspect - ok
19:04:35.0725 5532 IntelIde - ok
19:04:35.0835 5532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:04:35.0835 5532 Ip6Fw - ok
19:04:35.0960 5532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:04:35.0960 5532 IpFilterDriver - ok
19:04:36.0069 5532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:04:36.0069 5532 IpInIp - ok
19:04:36.0194 5532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:04:36.0194 5532 IpNat - ok
19:04:36.0335 5532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:04:36.0335 5532 IPSec - ok
19:04:36.0507 5532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:04:36.0507 5532 IRENUM - ok
19:04:36.0663 5532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:04:36.0663 5532 isapnp - ok
19:04:36.0788 5532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:04:36.0788 5532 Kbdclass - ok
19:04:36.0913 5532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:04:36.0913 5532 kmixer - ok
19:04:37.0022 5532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:04:37.0022 5532 KSecDD - ok
19:04:37.0116 5532 lbrtfdc - ok
19:04:37.0163 5532 mferkdk - ok
19:04:37.0288 5532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:04:37.0288 5532 mnmdd - ok
19:04:37.0413 5532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:04:37.0413 5532 Modem - ok
19:04:37.0569 5532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:04:37.0585 5532 Mouclass - ok
19:04:37.0694 5532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:04:37.0694 5532 MountMgr - ok
19:04:37.0803 5532 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
19:04:37.0803 5532 MPE - ok
19:04:37.0897 5532 mraid35x - ok
19:04:38.0022 5532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:04:38.0022 5532 MRxDAV - ok
19:04:38.0163 5532 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:04:38.0163 5532 MRxSmb - ok
19:04:38.0303 5532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:04:38.0303 5532 Msfs - ok
19:04:38.0694 5532 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
19:04:38.0710 5532 MSI_MSIBIOS_010507 - ok
19:04:38.0819 5532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:04:38.0819 5532 MSKSSRV - ok
19:04:38.0928 5532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:04:38.0928 5532 MSPCLOCK - ok
19:04:39.0053 5532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:04:39.0053 5532 MSPQM - ok
19:04:39.0163 5532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:04:39.0163 5532 mssmbios - ok
19:04:39.0288 5532 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:04:39.0288 5532 MSTEE - ok
19:04:39.0413 5532 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:04:39.0413 5532 Mup - ok
19:04:39.0522 5532 MVDCODEC (a2e9454c71e8eb989c09ea73c3d30528) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
19:04:39.0522 5532 MVDCODEC - ok
19:04:39.0725 5532 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:04:39.0725 5532 NABTSFEC - ok
19:04:39.0850 5532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:04:39.0850 5532 NDIS - ok
19:04:39.0975 5532 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:04:39.0975 5532 NdisIP - ok
19:04:40.0100 5532 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:04:40.0100 5532 NdisTapi - ok
19:04:40.0210 5532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:04:40.0210 5532 Ndisuio - ok
19:04:40.0335 5532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:04:40.0350 5532 NdisWan - ok
19:04:40.0522 5532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:04:40.0522 5532 NDProxy - ok
19:04:40.0632 5532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:04:40.0632 5532 NetBIOS - ok
19:04:40.0741 5532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:04:40.0741 5532 NetBT - ok
19:04:40.0897 5532 nipplpt2 (90261461c75c1ef5db8de89a809dd3fb) C:\WINDOWS\system32\drivers\nipplpt.sys
19:04:40.0897 5532 nipplpt2 - ok
19:04:41.0022 5532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:04:41.0022 5532 Npfs - ok
19:04:41.0163 5532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:04:41.0163 5532 Ntfs - ok
19:04:41.0272 5532 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
19:04:41.0272 5532 NTIOLib_1_0_4 - ok
19:04:41.0444 5532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:04:41.0444 5532 Null - ok
19:04:41.0600 5532 nvatabus (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
19:04:41.0600 5532 nvatabus - ok
19:04:41.0710 5532 NVENET (c8400ca70bf8a30156487bf887886432) C:\WINDOWS\system32\DRIVERS\NVENET.sys
19:04:41.0710 5532 NVENET - ok
19:04:41.0819 5532 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
19:04:41.0835 5532 nv_agp - ok
19:04:41.0944 5532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:04:41.0944 5532 NwlnkFlt - ok
19:04:42.0053 5532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:04:42.0053 5532 NwlnkFwd - ok
19:04:42.0163 5532 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:04:42.0163 5532 NwlnkIpx - ok
19:04:42.0303 5532 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:04:42.0303 5532 NwlnkNb - ok
19:04:42.0428 5532 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:04:42.0428 5532 NwlnkSpx - ok
19:04:42.0616 5532 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
19:04:42.0616 5532 ossrv - ok
19:04:42.0772 5532 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
19:04:42.0788 5532 P17 - ok
19:04:42.0913 5532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:04:42.0928 5532 Parport - ok
19:04:43.0038 5532 Partizan (e228b03a922d46e29b88c4056861ee78) C:\WINDOWS\system32\drivers\Partizan.sys
19:04:43.0038 5532 Partizan - ok
19:04:43.0147 5532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:04:43.0147 5532 PartMgr - ok
19:04:43.0257 5532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:04:43.0257 5532 ParVdm - ok
19:04:43.0382 5532 PCDCODEC (aa42a27232c45968f03b2fe9c0b6c111) C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
19:04:43.0382 5532 PCDCODEC - ok
19:04:43.0538 5532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:04:43.0538 5532 PCI - ok
19:04:43.0882 5532 PCIDump - ok
19:04:43.0991 5532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:04:43.0991 5532 PCIIde - ok
19:04:44.0100 5532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:04:44.0116 5532 Pcmcia - ok
19:04:44.0225 5532 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
19:04:44.0225 5532 Pcouffin - ok
19:04:44.0350 5532 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
19:04:44.0350 5532 PCTBD - ok
19:04:44.0475 5532 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys
19:04:44.0475 5532 PCTCore - ok
19:04:44.0616 5532 PCTDMDefrag (c37e918f22a8cd4ee999056d1d58ec01) C:\WINDOWS\system32\drivers\PCTDMDefrag.sys
19:04:44.0616 5532 PCTDMDefrag - ok
19:04:44.0725 5532 pctDS (af08ec0f2093867ab955e24121ee7002) C:\WINDOWS\system32\drivers\pctDS.sys
19:04:44.0741 5532 pctDS - ok
19:04:44.0850 5532 PCTDSMon (93e866c1cbcc80e7ba52941c39985e35) C:\WINDOWS\system32\drivers\PCTDSMon.sys
19:04:44.0850 5532 PCTDSMon - ok
19:04:44.0975 5532 pctEFA (4b1b0cd45a047c0941f6b6151f6fb3c1) C:\WINDOWS\system32\drivers\pctEFA.sys
19:04:44.0975 5532 pctEFA - ok
19:04:45.0100 5532 pctgntdi (44fd6a1042c766df69bc6ba55780019d) C:\WINDOWS\system32\drivers\pctgntdi.sys
19:04:45.0100 5532 pctgntdi - ok
19:04:45.0210 5532 pctplsg (b5d22f79943e156bf8fabf1e4888820c) C:\WINDOWS\system32\drivers\pctplsg.sys
19:04:45.0210 5532 pctplsg - ok
19:04:45.0335 5532 PCTSD (86b9af53e46d0618d230608aed82622f) C:\WINDOWS\system32\Drivers\PCTSD.sys
19:04:45.0335 5532 PCTSD - ok
19:04:45.0428 5532 PDCOMP - ok
19:04:45.0569 5532 PDFRAME - ok
19:04:45.0647 5532 PDRELI - ok
19:04:45.0725 5532 PDRFRAME - ok
19:04:45.0819 5532 perc2 - ok
19:04:45.0897 5532 perc2hib - ok
19:04:46.0038 5532 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
19:04:46.0038 5532 pnarp - ok
19:04:46.0163 5532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:04:46.0163 5532 PptpMiniport - ok
19:04:46.0288 5532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:04:46.0288 5532 PSched - ok
19:04:46.0460 5532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:04:46.0460 5532 Ptilink - ok
19:04:46.0569 5532 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
19:04:46.0569 5532 purendis - ok
19:04:46.0694 5532 PxHelp20 (fd9d44ec6d99edfa3782f870b7e00682) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
19:04:46.0694 5532 PxHelp20 - ok
19:04:46.0788 5532 ql1080 - ok
19:04:46.0866 5532 Ql10wnt - ok
19:04:46.0960 5532 ql12160 - ok
19:04:47.0038 5532 ql1240 - ok
19:04:47.0100 5532 ql1280 - ok
19:04:47.0210 5532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:04:47.0210 5532 RasAcd - ok
19:04:47.0335 5532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:04:47.0335 5532 Rasl2tp - ok
19:04:47.0460 5532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:04:47.0460 5532 RasPppoe - ok
19:04:47.0569 5532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:04:47.0569 5532 Raspti - ok
19:04:47.0694 5532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:04:47.0694 5532 Rdbss - ok
19:04:47.0819 5532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:04:47.0819 5532 RDPCDD - ok
19:04:47.0944 5532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:04:47.0944 5532 rdpdr - ok
19:04:48.0085 5532 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:04:48.0085 5532 RDPWD - ok
19:04:48.0210 5532 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:04:48.0210 5532 redbook - ok
19:04:48.0366 5532 RRNetCap (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
19:04:48.0366 5532 RRNetCap - ok
19:04:48.0382 5532 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
19:04:48.0382 5532 RRNetCapMP - ok
19:04:48.0507 5532 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:04:48.0507 5532 rspndr - ok
19:04:48.0741 5532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:04:48.0741 5532 Secdrv - ok
19:04:49.0116 5532 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:04:49.0116 5532 serenum - ok
19:04:49.0225 5532 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:04:49.0225 5532 Serial - ok
19:04:49.0350 5532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:04:49.0350 5532 Sfloppy - ok
19:04:49.0475 5532 Simbad - ok
19:04:49.0616 5532 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:04:49.0616 5532 SLIP - ok
19:04:49.0741 5532 snapman (79555b34913cb5d1ea429d295c5a17ac) C:\WINDOWS\system32\DRIVERS\snapman.sys
19:04:49.0741 5532 snapman - ok
19:04:49.0835 5532 Sparrow - ok
19:04:49.0882 5532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:04:49.0897 5532 splitter - ok
19:04:50.0038 5532 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\system32\Drivers\sptd.sys
19:04:50.0038 5532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 090adc3d9b5730ac3b20bdd5a54e2d28
19:04:50.0038 5532 sptd ( LockedFile.Multi.Generic ) - warning
19:04:50.0038 5532 sptd - detected LockedFile.Multi.Generic (1)
19:04:50.0163 5532 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:04:50.0163 5532 sr - ok
19:04:50.0319 5532 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:04:50.0319 5532 Srv - ok
19:04:50.0507 5532 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:04:50.0507 5532 streamip - ok
19:04:50.0647 5532 supersafer (28f0f7f8e4c9039289c80ca1385bc4b7) C:\WINDOWS\system32\drivers\supersafer.sys
19:04:50.0647 5532 supersafer - ok
19:04:50.0757 5532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:04:50.0757 5532 swenum - ok
19:04:50.0866 5532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:04:50.0866 5532 swmidi - ok
19:04:50.0960 5532 symc810 - ok
19:04:51.0007 5532 symc8xx - ok
19:04:51.0053 5532 sym_hi - ok
19:04:51.0100 5532 sym_u3 - ok
19:04:51.0178 5532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:04:51.0178 5532 sysaudio - ok
19:04:51.0303 5532 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
19:04:51.0303 5532 tbhsd - ok
19:04:51.0444 5532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:04:51.0444 5532 Tcpip - ok
19:04:51.0569 5532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:04:51.0569 5532 TDPIPE - ok
19:04:51.0678 5532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:04:51.0678 5532 TDTCP - ok
19:04:51.0788 5532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:04:51.0788 5532 TermDD - ok
19:04:51.0913 5532 tifsfilter (18f20c81f84599bf457ed640891aad99) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
19:04:51.0913 5532 tifsfilter - ok
19:04:52.0053 5532 timounter (7c31f485c2f8ce976280c86f3cb13d6c) C:\WINDOWS\system32\DRIVERS\timntr.sys
19:04:52.0053 5532 timounter - ok
19:04:52.0163 5532 TosIde - ok
19:04:52.0225 5532 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
19:04:52.0225 5532 TVICHW32 - ok
19:04:52.0350 5532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:04:52.0366 5532 Udfs - ok
19:04:52.0460 5532 ultra - ok
19:04:52.0569 5532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:04:52.0569 5532 Update - ok
19:04:52.0725 5532 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:04:52.0725 5532 USBAAPL - ok
19:04:52.0835 5532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:04:52.0835 5532 usbccgp - ok
19:04:52.0960 5532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:04:52.0960 5532 usbehci - ok
19:04:53.0053 5532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:04:53.0069 5532 usbhub - ok
19:04:53.0178 5532 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:04:53.0178 5532 usbohci - ok
19:04:53.0288 5532 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:04:53.0288 5532 usbprint - ok
19:04:53.0397 5532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:04:53.0397 5532 USBSTOR - ok
19:04:53.0522 5532 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
19:04:53.0522 5532 vaxscsi - ok
19:04:53.0632 5532 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
19:04:53.0632 5532 VClone - ok
19:04:53.0725 5532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:04:53.0725 5532 VgaSave - ok
19:04:53.0835 5532 ViaIde - ok
19:04:53.0944 5532 vmci (d02a1df2e6809fc9c2b1126fb264a3e3) C:\WINDOWS\system32\Drivers\vmci.sys
19:04:53.0944 5532 vmci - ok
19:04:54.0053 5532 vmkbd (097d71a222afae1fbe3e95a36aae32cc) C:\WINDOWS\system32\drivers\VMkbd.sys
19:04:54.0053 5532 vmkbd - ok
19:04:54.0428 5532 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
19:04:54.0428 5532 VMnetAdapter - ok
19:04:54.0538 5532 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
19:04:54.0538 5532 VMnetBridge - ok
19:04:54.0647 5532 VMnetuserif (fc7b0b68a2a4afbab81fbb8aeeda1d21) C:\WINDOWS\system32\drivers\vmnetuserif.sys
19:04:54.0647 5532 VMnetuserif - ok
19:04:54.0757 5532 VMparport (07853acc99421d5752a4205cd6298570) C:\WINDOWS\system32\Drivers\VMparport.sys
19:04:54.0757 5532 VMparport - ok
19:04:54.0866 5532 vmusb (25017db6451b002158db425961a82b7b) C:\WINDOWS\system32\Drivers\vmusb.sys
19:04:54.0866 5532 vmusb - ok
19:04:55.0022 5532 vmx86 (935582f833ba49b6265e66322c6fb382) C:\WINDOWS\system32\Drivers\vmx86.sys
19:04:55.0038 5532 vmx86 - ok
19:04:55.0147 5532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:04:55.0147 5532 VolSnap - ok
19:04:55.0225 5532 vstor2-ws60 (e511cfb4b43b72cf9d1497e7c5bd1534) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
19:04:55.0225 5532 vstor2-ws60 - ok
19:04:55.0366 5532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:04:55.0366 5532 Wanarp - ok
19:04:55.0460 5532 WDICA - ok
19:04:55.0522 5532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:04:55.0522 5532 wdmaud - ok
19:04:55.0710 5532 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:04:55.0710 5532 WS2IFSL - ok
19:04:55.0835 5532 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
19:04:55.0835 5532 WsAudio_DeviceS(1) - ok
19:04:55.0975 5532 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
19:04:55.0975 5532 WsAudio_DeviceS(2) - ok
19:04:56.0100 5532 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
19:04:56.0100 5532 WsAudio_DeviceS(3) - ok
19:04:56.0225 5532 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
19:04:56.0225 5532 WsAudio_DeviceS(4) - ok
19:04:56.0366 5532 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
19:04:56.0366 5532 WsAudio_DeviceS(5) - ok
19:04:56.0507 5532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:04:56.0507 5532 WSTCODEC - ok
19:04:56.0569 5532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:04:56.0569 5532 \Device\Harddisk1\DR1 - ok
19:04:56.0585 5532 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
19:04:56.0725 5532 \Device\Harddisk0\DR0 - ok
19:04:56.0741 5532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
19:04:56.0741 5532 \Device\Harddisk2\DR4 - ok
19:04:56.0741 5532 Boot (0x1200) (6a49a88b5a194b4883f7c72364ba8fa2) \Device\Harddisk1\DR1\Partition0
19:04:56.0757 5532 \Device\Harddisk1\DR1\Partition0 - ok
19:04:56.0757 5532 Boot (0x1200) (2af75fd008e780901779de87fb211890) \Device\Harddisk0\DR0\Partition0
19:04:56.0757 5532 \Device\Harddisk0\DR0\Partition0 - ok
19:04:56.0772 5532 Boot (0x1200) (38cdca3378d7cd35e7d3f4cd363ff988) \Device\Harddisk2\DR4\Partition0
19:04:56.0772 5532 \Device\Harddisk2\DR4\Partition0 - ok
19:04:56.0772 5532 ============================================================
19:04:56.0772 5532 Scan finished
19:04:56.0772 5532 ============================================================
19:04:56.0803 3684 Detected object count: 1
19:04:56.0803 3684 Actual detected object count: 1
19:14:18.0319 3684 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:14:18.0319 3684 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:14:24.0210 2152 Deinitialize success

ken545
2012-01-19, 02:39
That's fine. SPTD is your CD-ROM driver; it could possibly be infected. Let's check further.


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

Cal626
2012-01-19, 04:49
Here is the combofix.txt

ComboFix 12-01-18.04 - Admiral Turron 01/18/2012 19:54:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1264 [GMT -5:00]
Running from: c:\documents and settings\Admiral Turron\Desktop\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admiral Turron\Application Data\GoogleEarthWinProSetup.exe
c:\documents and settings\Admiral Turron\GoToAssistDownloadHelper.exe
c:\documents and settings\Admiral Turron\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\windows\kb913800.exe
c:\windows\system32\SET89.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SETA2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-17 18:51 . 2012-01-17 18:51 -------- d-----w- c:\documents and settings\Admiral Turron\Local Settings\Application Data\Temp
2012-01-17 17:43 . 2012-01-17 17:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-13 16:06 . 2012-01-13 16:06 -------- d-----w- c:\documents and settings\Admiral Turron\Application Data\Curiolab
2012-01-13 00:44 . 2012-01-13 00:44 98224 ----a-w- c:\windows\system32\drivers\36403866.sys
2012-01-13 00:44 . 2012-01-13 00:44 187776 ----a-w- c:\windows\system32\drivers\tskA.tmp
2012-01-13 00:39 . 2012-01-13 20:46 -------- d-----w- C:\TDSSKiller
2012-01-10 23:16 . 2012-01-10 23:16 -------- d-----w- c:\program files\ERUNT
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-12-24 00:55 . 2011-12-24 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\WePrint
2011-12-22 20:25 . 2012-01-09 01:56 -------- d-----w- c:\documents and settings\Administrator
2011-12-22 01:33 . 2011-12-22 00:01 1915791 ----a-w- C:\weprintwin23.exe
2011-12-22 01:31 . 2011-12-22 00:08 66048 ----a-w- c:\documents and settings\Admiral Turron\Application Data\WePrintCleanAfterBoot.exe
2011-12-22 00:08 . 2011-12-27 02:36 -------- d-----w- c:\program files\WePrint
2011-12-20 23:05 . 2011-12-20 23:05 -------- d-----w- c:\documents and settings\Admiral Turron\Application Data\PCTools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 18:59 . 2010-09-11 04:40 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2010-09-11 04:40 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2010-09-11 04:40 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2010-09-11 04:40 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-11-27 01:28 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2010-09-11 04:41 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-12 00:19 . 2011-12-10 04:33 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-12-07 01:02 . 2011-07-27 01:47 119767706 ----a-w- c:\documents and settings\Admiral Turron\Application Data\hkey_local_machine.reg
2011-12-02 00:11 . 2011-10-14 02:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 03:38 . 2011-11-27 03:38 3511776 ----a-w- C:\ccsetup312.exe
2011-11-23 13:25 . 2007-02-03 17:11 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 00:43 . 2011-12-10 04:33 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 00:42 . 2011-12-10 04:33 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-23 00:41 . 2011-12-11 23:14 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-11-23 00:38 . 2011-12-10 04:33 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-14 21:07 . 2011-12-11 23:15 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-14 21:07 . 2011-12-11 23:15 2246608 ----a-w- c:\windows\PCTBDCore.dll
2011-11-14 21:07 . 2011-12-11 23:15 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-14 21:06 . 2011-12-11 23:15 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-14 20:12 . 2011-12-10 04:33 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-14 20:12 . 2011-12-10 04:33 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-04 19:20 . 2007-02-03 17:11 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-04 03:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2007-02-03 16:53 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 05:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 23:47 . 2011-12-11 16:14 128120 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
2011-10-25 23:47 . 2011-12-11 16:14 108864 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
2011-10-25 23:46 . 2011-12-11 16:14 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-10-25 13:33 . 2007-02-03 16:52 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2006-10-30 03:27 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-09-19 84528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nForce Tray Options"="sstray.exe" [2003-12-17 73728]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-10-20 53248]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-10-20 57344]
"DynSite"="c:\program files\Noel Danjou\DynSite\DynSite.exe" [2007-05-24 1396080]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 335872]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-02-15 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\Admiral Turron\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2011-12-21 2401280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2010-05-21 00:11 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 21:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 20:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-13 11:16 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"McAfeeEngineService"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hummingbird\\Connectivity\\10.00\\Exceed\\exceed.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\SSH Communications Security\\SSH Secure Shell\\SshClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Acronis\\TrueImageConsole\\TrueImageRemoteConsole.exe"=
"c:\\Program Files\\MSI\\Live Update 5\\LU5.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Admiral Turron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/9/2011 11:33 PM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/9/2011 11:33 PM 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/9/2011 11:33 PM 660992]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/17/2008 2:54 PM 611064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 494816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/10/2010 11:40 PM 31704]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [12/2/2010 10:40 AM 34592]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/9/2011 11:33 PM 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [12/9/2011 11:33 PM 185560]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12/11/2011 6:15 PM 546768]
R2 MSSQL$RECOVERYMANAGER;MSSQL$RECOVERYMANAGER;c:\program files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlservr.exe -sRECOVERYMANAGER --> c:\program files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlservr.exe -sRECOVERYMANAGER [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/11/2011 11:14 AM 793056]
R2 RMFilestore;Recovery Manager Data Store;c:\program files\Winternals\Recovery Manager\FileStore.exe [4/11/2006 11:22 PM 854528]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [7/26/2011 8:37 PM 354176]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/18/2008 11:12 PM 54960]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/16/2009 10:17 PM 47360]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [12/11/2011 6:15 PM 56840]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [12/21/2009 2:34 PM 31848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/11/2011 10:13 PM 136176]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [12/11/2011 11:14 AM 1038304]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [12/11/2011 11:14 AM 1030112]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/8/2011 1:50 PM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/11/2011 10:13 PM 136176]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [7/9/2011 8:59 PM 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [7/9/2011 8:59 PM 7680]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2/11/2009 12:52 PM 34760]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [12/11/2011 11:14 AM 108864]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [12/11/2011 11:14 AM 128120]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/9/2011 11:33 PM 70536]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [12/21/2009 2:34 PM 31848]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/9/2011 11:33 PM 402336]
S3 SQLAgent$RECOVERYMANAGER;SQLAgent$RECOVERYMANAGER;c:\program files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlagent.EXE -i RECOVERYMANAGER --> c:\program files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlagent.EXE -i RECOVERYMANAGER [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [8/17/2008 3:08 PM 223128]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [4/11/2010 4:14 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [4/11/2010 4:15 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [4/11/2010 4:16 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [4/11/2010 4:17 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [4/11/2010 4:18 PM 25704]
S4 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 10369355
*NewlyCreated* - ASWMBR
*Deregistered* - 10369355
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-12 03:13]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-12 03:13]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-839522115-1003Core.job
- c:\documents and settings\Admiral Turron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-06 22:28]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-839522115-1003UA.job
- c:\documents and settings\Admiral Turron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-06 22:28]
.
2011-06-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
2012-01-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-764733703-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-764733703-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smith.edu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: intuit.com\ttlc
Trusted Zone: msi.com\www
Trusted Zone: smith.edu\stod-kvm-a
Trusted Zone: spybot.info\forums
TCP: Interfaces\{446EA4A1-BEC5-47D1-A446-582624668906}: NameServer = 68.87.71.230,68.87.73.246
TCP: Interfaces\{EEB7000A-24A5-4EDC-9B71-8D35124DE109}: NameServer = 68.87.71.230,68.87.73.246
FF - ProfilePath - c:\documents and settings\Admiral Turron\Application Data\Mozilla\Firefox\Profiles\c8qz2hea.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.smith.edu
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Admiral Turron\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-78499283.sys
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 20:12
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\tskA.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'winlogon.exe'(2948)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1096)
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'csrss.exe'(1012)
c:\windows\system32\cmdcsr.dll
.
- - - - - - - > 'csrss.exe'(3456)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-01-18 20:21:30
ComboFix-quarantined-files.txt 2012-01-19 01:21
.
Pre-Run: 78,415,294,464 bytes free
Post-Run: 79,005,110,272 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - CAC533329BB0AF00517EB57957EFB350

ken545
2012-01-19, 11:11
ComboFix logs take time to go over; in the meantime, please run this scanner.

Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe, then click Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify that the file was saved.
Please run this program only once.
Double-click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply.

Cal626
2012-01-19, 12:55
Here is CKFiles.txt.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\ssh communications security\ssh secure shell\ssh-keygen2.exe
c:\program files\winternals\recovery manager\authkeygen.exe
scanner sequence 3.LB.11.SUNASE
----- EOF -----

ken545
2012-01-19, 13:59
Looks like this program is illegal:

c:\program files\winternals\recovery manager

It also looks like this is a company computer.

Cal626
2012-01-19, 17:48
This is my personal PC at home. I use it sometimes to work from home via VPN. As for c:\program files\winternals\recovery manager, this was installed a long time ago, maybe years. I don't remember ever using it though. Why is it illegal?

ken545
2012-01-19, 19:24
Well, I could be wrong, but it looks like it's some sort of key generator.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.

Cal626
2012-01-19, 21:58
OK, here is the log. Rebooted the system.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admiral Turron :: antec [administrator]

Protection: Enabled

1/19/2012 2:27:25 PM
mbam-log-2012-01-19 (14-27-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195142
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\drivers\acpi.sys (Virus.RLoader) -> Quarantined and deleted successfully.

(end)

ken545
2012-01-19, 23:20
How is your system running now, any better? Any browser redirects?

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan.

*Note:
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Cal626
2012-01-20, 21:56
Yes, my computer is running faster. The results of the online scan...

C:\Documents and Settings\All Users\Application Data\rrexvahnjbxu\spoof.avi Win32/Agent.SWD trojan

ken545
2012-01-20, 22:33
Go ahead and delete this

C:\Documents and Settings\All Users\Application Data\rrexvahnjbxu

Give me an update as to how all is working.

Cal626
2012-01-21, 01:17
All is working well and I have deleted the directory. Should I now delete all the things I downloaded to my desktop? I will also turn on my anti-virus software "PC Tools Spyware Doctor with AntiVirus" if it is okay.

ken545
2012-01-21, 02:18
:bigthumb:


Now to remove most of the tools that we have used in fixing your machine:
Make sure you have an Internet Connection.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
A list of tool components used in the cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Malwarebytes is the free version and is yours to keep; it will not be removed.

How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken

Cal626
2012-01-21, 15:39
Hi,

I have removed all of the tools from my PC. But when I run a full scan with my anti-virus software it still finds a high risk threat called "Rootkit TDSS.v2".

Do you think it is a problem with my anti-virus software? My PC is running fine.

ken545
2012-01-21, 16:19
That appears to be a false positive from what I am reading.

Let me see a new DDS log, and the extra log it produces also.

Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Double click the tool to run it.
A black screen will open; just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using the Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)

Cal626
2012-01-21, 17:56
Here is dds.txt, attached.txt is attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_16
Run by Admiral Turron at 10:43:54 on 2012-01-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.989 [GMT -5:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$RECOVERYMANAGER\Binn\sqlservr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Noel Danjou\DynSite\DynSite.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WePrint\WePrint Server.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smith.edu/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - Updater For XFIN_PORTAL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nForce Tray Options] sstray.exe /r
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [DynSite] "c:\program files\noel danjou\dynsite\DynSite.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [ClocX] c:\program files\clocx\ClocX.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
StartupFolder: c:\docume~1\admira~1\startm~1\programs\startup\weprint server.lnk - c:\program files\weprint\WePrint Server.exe
uPolicies-explorer: NoInstrumentation = 1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: intuit.com\ttlc
Trusted Zone: msi.com\www
Trusted Zone: smith.edu\stod-kvm-a
Trusted Zone: spybot.info\forums
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218942204500
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218942194859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.smith.edu/dana-cached/setup/JuniperSetupSP1.cab
TCP: Interfaces\{446EA4A1-BEC5-47D1-A446-582624668906} : NameServer = 68.87.71.230,68.87.73.246
TCP: Interfaces\{97C302CB-1334-4BF2-8F91-80D138F03607} : DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{EEB7000A-24A5-4EDC-9B71-8D35124DE109} : NameServer = 68.87.71.230,68.87.73.246
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AutorunsDisabled - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admiral turron\application data\mozilla\firefox\profiles\c8qz2hea.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.smith.edu
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\admiral turron\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-9 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-9 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-9 660992]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 494816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 31704]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2010-12-2 34592]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-12-9 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-12-9 185560]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-12-11 546768]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1960584]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-14 12672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-19 652872]
R2 MSSQL$RECOVERYMANAGER;MSSQL$RECOVERYMANAGER;c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlservr.exe -srecoverymanager --> c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlservr.exe -sRECOVERYMANAGER [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-12-11 793056]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-12-9 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-12-9 1117624]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2011-7-26 354176]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-18 54960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-19 20464]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-12-11 56840]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-12-9 70536]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 31848]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\pc tools\pc tools utilities\tools\defrag\DMDefragSrv.exe [2011-12-11 1038304]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\pc tools\pc tools utilities\tools\repair\DMRepairSrv.exe [2011-12-11 1030112]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\msi\live update 4\lu4\flashsys.sys --> c:\program files\msi\live update 4\lu4\FLASHSYS.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-1-8 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\msi\live update 5\msibios32_100507.sys [2011-7-9 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2011-7-9 7680]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-11 34760]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-12-11 108864]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-12-11 128120]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 31848]
S3 SQLAgent$RECOVERYMANAGER;SQLAgent$RECOVERYMANAGER;c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlagent.exe -i recoverymanager --> c:\program files\microsoft sql server\mssql$recoverymanager\binn\sqlagent.EXE -i RECOVERYMANAGER [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2008-8-17 223128]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-4-11 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-4-11 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-4-11 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-4-11 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-4-11 25704]
S4 atitray;atitray;\??\c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [?]
.
=============== Created Last 30 ================
.
2012-01-19 19:24:58 -------- d-----w- c:\documents and settings\admiral turron\application data\Malwarebytes
2012-01-19 19:24:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-19 19:24:31 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 19:24:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-19 00:51:26 -------- d-sha-r- C:\cmdcons
2012-01-17 18:51:58 -------- d-----w- c:\documents and settings\admiral turron\local settings\application data\Temp
2012-01-13 20:48:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-13 16:06:11 -------- d-----w- c:\documents and settings\admiral turron\application data\Curiolab
2012-01-13 00:44:04 98224 ----a-w- c:\windows\system32\drivers\36403866.sys
2012-01-13 00:44:04 187776 ----a-w- c:\windows\system32\drivers\tskA.tmp
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-12-24 00:55:53 -------- d-----w- c:\documents and settings\all users\application data\WePrint
.
==================== Find3M ====================
.
2011-12-22 00:08:15 66048 ----a-w- c:\documents and settings\admiral turron\application data\WePrintCleanAfterBoot.exe
2011-12-22 00:01:47 1915791 ----a-w- C:\weprintwin23.exe
2011-12-19 18:59:21 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59:20 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59:19 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58:56 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58:55 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-12 00:19:49 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-12-07 01:02:56 119767706 ----a-w- c:\documents and settings\admiral turron\application data\hkey_local_machine.reg
2011-12-02 00:11:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 03:38:20 3511776 ----a-w- C:\ccsetup312.exe
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 00:43:02 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 00:42:40 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-23 00:41:28 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-11-23 00:38:04 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-14 21:07:06 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-14 21:07:04 2246608 ----a-w- c:\windows\PCTBDCore.dll
2011-11-14 21:07:04 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-14 21:06:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-14 20:12:26 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-14 20:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 23:47:32 128120 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
2011-10-25 23:47:26 108864 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
2011-10-25 23:46:40 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 10:49:24.06 ===============

ken545
2012-01-21, 18:29
You need to update your Java; older versions leave holes for this garbage to sneak in.

Go to the Control Panel > Java > Update Tab and have it check for new updates, download and install them.

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis. Just use the BROWSE feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has already been checked, have them check it again.

c:\windows\system32\drivers\36403866.sys
c:\windows\system32\drivers\tskA.tmp

If the site is busy you can try this one
http://virusscan.jotti.org/en

Cal626
2012-01-21, 20:40
Okay, updated Java and removed old versions. On the VirusTotal scan, the web page shows the results but there is no send option. I used File > Send > Page via email to get the output emailed to me, then copied it into this post.
Is there a better way to do this?

The first file....

SHA256: 88e157221bcbc2c78d3a893149e75775c5b86a8dfb79f22911fe6a482a43730f
SHA1: c0183b03e434770e519c437ec84f0e866b22c1b4
MD5: 21617ffff50abf580174ae9dac968d9f
File size: 95.9 KB ( 98224 bytes )
File type: Win32 EXE
Tags: SIGNED
Detection ratio: 0 / 43
Analysis date: 2012-01-21 18:19:19 UTC ( 7 minutes ago )
Antivirus Result Update
nProtect - 20120121
CAT-QuickHeal - 20120121
McAfee - 20120121
TheHacker - 20120120
K7AntiVirus - 20120120
VirusBuster - 20120120
NOD32 - 20120121
F-Prot - 20120120
Symantec - 20120121
Norman - 20120121
ByteHero - 20120111
TrendMicro-HouseCall - 20120121
Avast - 20120121
eSafe - 20120120
ClamAV - 20120121
Kaspersky - 20120121
BitDefender - 20120121
SUPERAntiSpyware - 20120121
Sophos - 20120121
Comodo - 20120121
F-Secure - 20120121
DrWeb - 20120121
VIPRE - 20120121
AntiVir - 20120120
TrendMicro - 20120121
McAfee-GW-Edition - 20120120
Emsisoft - 20120121
eTrust-Vet - 20120121
Jiangmin - 20120121
Antiy-AVL - 20120120
Microsoft - 20120121
ViRobot - 20120121
Prevx - 20120121
GData - 20120121
Commtouch - 20120120
AhnLab-V3 - 20120121
VBA32 - 20120120
PCTools - 20120121
Rising - 20120118
Ikarus - 20120121
Fortinet - 20120121
AVG - 20120121
Panda - 20120121
ssdeep file piecewise hash
768:dmo/syv4DTmNMNVa/wVTqmNN8dKX4aWfu2c9Fe9GgLa1kDxPPtPZE7vshkd3iKm9:ZMnxEwpYZmALamDxPFPZEohkddmA0ao7
TrID file type information
Win32 Executable Generic (51.1%)
Win16/32 Executable Delphi generic (12.4%)
Clipper DOS Executable (12.1%)
Generic Win/DOS Executable (12.0%)
DOS Executable Generic (12.0%)
ExifTool file metadata
UninitializedDataSize....: 0
InitializedDataSize......: 19712
ImageVersion.............: 6.0
ProductName..............: Kaspersky Lab Mini Driver
FileVersionNumber........: 2.7.0.0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
FileDescription..........: Kaspersky Lab Mini Driver
CharacterSet.............: Unicode
LinkerVersion............: 8.0
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Native
FileVersion..............: 2.7.0.0 built by: WinDDK
TimeStamp................: 2012:01:10 06:12:08+01:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: klmd.sys
ProductVersion...........: 2.7.0.0
SubsystemVersion.........: 5.0
OSVersion................: 6.0
OriginalFilename.........: klmd.sys
LegalCopyright...........: Copyright (c) Kaspersky Lab, GERT
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Kaspersky Lab, GERT
CodeSize.................: 68736
FileSubtype..............: 7
ProductVersionNumber.....: 2.7.0.0
EntryPoint...............: 0x13a61
ObjectFileType...........: Driver
Sigcheck digital signature information
publisher................: Kaspersky Lab, GERT
product..................: Kaspersky Lab Mini Driver
internal name............: klmd.sys
copyright................: Copyright (c) Kaspersky Lab, GERT
original name............: klmd.sys
signing date.............: 6:12 AM 1/10/2012
signers..................: Kaspersky Lab
VeriSign Class 3 Code Signing 2010 CA
VeriSign Class 3 Public Primary Certification Authority - G5
file version.............: 2.7.0.0 built by: WinDDK
description..............: Kaspersky Lab Mini Driver
Portable Executable structural information
Compilation timedatestamp.....: 2012-01-10 05:12:08
Target machine................: 332
Entry point address...........: 0x00013A61

PE Sections...................:

Name      Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text     1280             42170         42240     6.43     5dbe02ec7106b1d1d01911c38d406363
.rdata    43520            11388         11392     6.24     0cbe51e835c2efcac49f46fd771e8f02
.data     54912            2760          2816      0.23     65fbb818c446028198ad3f6073802dbe
PAGECODE  57728            21550         21632     6.34     0ce1672eefba16c80ec9adf8ab26ca5c
PAGE      79360            930           1024      5.64     6c6ce0738dfde90945c576a92e24fcc6
INIT      80384            3728          3840      5.53     fea26a3f383ea265fca760ebeaac4e93
.rsrc     84224            920           1024      3.07     efef67658b51325c2f07840c05aacd3b
.reloc    85248            4356          4480      5.92     4c785d348961cbf93c483b4246c90143

PE Imports....................:

HAL.dll
KfAcquireSpinLock, KeGetCurrentIrql, KeRaiseIrqlToDpcLevel, KfLowerIrql, KfRaiseIrql, KeQueryPerformanceCounter, KfReleaseSpinLock

ntoskrnl.exe
IoAllocateWorkItem, IoDriverObjectType, ObfDereferenceObject, IoGetDeviceObjectPointer, ZwClose, ZwSetValueKey, ZwOpenKey, MmIsAddressValid, memcpy, memset, ProbeForRead, RtlInitUnicodeString, ProbeForWrite, KeGetCurrentThread, IoDeleteDevice, IoUnregisterShutdownNotification, IoDeleteSymbolicLink, PsGetCurrentThreadId, PsGetCurrentProcessId, IoRegisterDriverReinitialization, IoRegisterBootDriverReinitialization, IoRegisterLastChanceShutdownNotification, IoCreateSymbolicLink, IoCreateDevice, DbgPrint, KeTickCount, KeBugCheckEx, RtlUnwind, RtlAnsiCharToUnicodeChar, ExAcquireResourceExclusiveLite, KeLeaveCriticalRegion, KeEnterCriticalRegion, ExReleaseResourceLite, RtlRandom, ExDeleteResourceLite, ExInitializeResourceLite, ZwCreateKey, ZwDeleteValueKey, ZwEnumerateValueKey, RtlCompareMemory, ZwReadFile, ZwMapViewOfSection, RtlAppendUnicodeToString, IoCreateFile, KeUnstackDetachProcess, ZwSetInformationFile, ZwQueryValueKey, ZwUnmapViewOfSection, RtlPrefixUnicodeString, PsInitialSystemProcess, RtlCopyUnicodeString, ZwCreateSection, ZwQueryInformationFile, ZwWriteFile, ZwDeleteKey, KeStackAttachProcess, ZwEnumerateKey, RtlCompareUnicodeString, IoGetRelatedDeviceObject, ExAllocatePoolWithTag, ObReferenceObjectByHandle, ZwSetSecurityObject, ObOpenObjectByPointer, IoFreeMdl, MmProbeAndLockPages, MmUnlockPages, IoAllocateMdl, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ZwQuerySystemInformation, RtlFreeUnicodeString, ExAcquireResourceSharedLite, KeClearEvent, memmove, IoRegisterPlugPlayNotification, KeSetEvent, KeInitializeEvent, KeDelayExecutionThread, KefAcquireSpinLockAtDpcLevel, IoUnregisterPlugPlayNotification, KeWaitForSingleObject, IoFreeIrp, IoAllocateIrp, IoGetDeviceInterfaces, ObfReferenceObject, KefReleaseSpinLockFromDpcLevel, ExInterlockedPopEntrySList, IofCallDriver, RtlEqualUnicodeString, RtlGetElementGenericTable, RtlDeleteElementGenericTable, RtlLookupElementGenericTable, RtlIsGenericTableEmpty, RtlInitializeGenericTable, RtlInsertElementGenericTable, 
RtlAppendUnicodeStringToString, NtBuildNumber, ObQueryNameString, MmMapLockedPagesSpecifyCache, ZwOpenFile, KeSetImportanceDpc, KeSetTargetProcessorDpc, KeInitializeDpc, KeInsertQueueDpc, KeNumberProcessors, IoBuildSynchronousFsdRequest, RtlUnicodeStringToInteger, IoBuildDeviceIoControlRequest, RtlUpcaseUnicodeString, FsRtlIsNameInExpression, ZwOpenDirectoryObject, _purecall, toupper, towupper, IoQueueWorkItem, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, IofCompleteRequest, IoFreeWorkItem, ExFreePoolWithTag, IoFileObjectType, MmGetSystemRoutineAddress, _allmul
First seen by VirusTotal
2012-01-10 12:13:13 UTC ( 1 week, 4 days ago )
Last seen by VirusTotal
2012-01-21 18:19:19 UTC ( 7 minutes ago )
File names (max. 25)
1. C:\WINDOWS\system32\drivers\36403866.sys
2. C:\WINDOWS\system32\drivers\36403866.sys
3. AF56E78EB00A8A597F0301527789A90035A0B4DB.sys
4. D:\sav\BestiaMadre\queues\webroot\tmp_zip2\DPYRAEELRT-743.pms.sys.SVD

For the second file I used cut/paste, as it looked like the additional stuff was not needed....

SHA256: 594f8e0c3695400b0c09a797af6bdfac6f750ecd67d0ee803914c572b1dcc43c
SHA1: faf1ae66cc016dd7281a1fca53be841b6b611106
MD5: 8fd99680a539792a30e97944fdaecf17
File size: 183.4 KB ( 187776 bytes )
File type: Win32 EXE
Detection ratio: 0 / 43
Analysis date: 2012-01-21 18:34:47 UTC ( 1 minute ago )
Antivirus Result Update
AhnLab-V3 - 20120121
AntiVir - 20120120
Antiy-AVL - 20120120
Avast - 20120121
AVG - 20120121
BitDefender - 20120121
ByteHero - 20120111
CAT-QuickHeal - 20120121
ClamAV - 20120121
Commtouch - 20120120
Comodo - 20120121
DrWeb - 20120121
Emsisoft - 20120121
eSafe - 20120120
eTrust-Vet - 20120121
F-Prot - 20120120
F-Secure - 20120121
Fortinet - 20120121
GData - 20120121
Ikarus - 20120121
Jiangmin - 20120121
K7AntiVirus - 20120120
Kaspersky - 20120121
McAfee - 20120121
McAfee-GW-Edition - 20120120
Microsoft - 20120121
NOD32 - 20120121
Norman - 20120121
nProtect - 20120121
Panda - 20120121
PCTools - 20120121
Prevx - 20120121
Rising - 20120118
Sophos - 20120121
SUPERAntiSpyware - 20120121
Symantec - 20120121
TheHacker - 20120120
TrendMicro - 20120121
TrendMicro-HouseCall - 20120121
VBA32 - 20120120
VIPRE - 20120121
ViRobot - 20120121
VirusBuster - 20120120

ken545
2012-01-21, 21:55
Been using VT and Jotti for many years but have never had to use it personally. You're correct, there is no option to save a report; there used to be, the site may have changed.

Both of those files appear to be OK.

Cal626
2012-01-21, 22:07
OK, thank you for your help. I will contact the PC Tools folk and ask them about the false positive. They took my money for the software; let's see how much help I get. Again, thank you.

ken545
2012-01-21, 22:11
You can give this a read:

http://www.pctools.com/forum/showthread.php?69437-Rootkit.TDSS.v3