
Another Ping.exe problem I think



It started with the fake Antivirus 2012, I think. I cleaned that up, but still have browser crashing issues and Ping showing up in my process list. I updated my Flash, Java, and Firefox. Ran Malwarebytes and Trend Micro yesterday; they both found stuff and cleaned it up, but I'm still having issues this morning.

I ran DDS and here's what I got.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30

Run by sigma_lf at 9:38:01 on 2011-12-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1229 [GMT -5:00]

.

AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {FB12AA39-B46B-463E-BC99-D3EDB06FF1E9}

FW: Trend Micro Personal Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\HP Web Jetadmin\hpwebjetd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Common Files\Materialise\LicenseFiles\LicSrv50.exe

C:\Program Files\Common Files\Materialise\LicenseFiles\LicSrv52.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP Web Jetadmin\hpwebjetd.exe

C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe

C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe

C:\WINDOWS\Dell\PanelMgr\SSMMgr.exe

C:\WINDOWS\TWAIN_32\Dell\Dell2335\Scan2Pc.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\WINDOWS\System32\ping.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.dell.com

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [CnwiDeviceAgent] c:\program files\canon\garostatusmonitor\cnwida.exe

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow

mRun: [OE] c:\program files\trend micro\client server security agent\tmas_oe\TMAS_OEMon.exe

mRun: [solidWorks_CheckForUpdates] "c:\program files\common files\solidworks installation manager\scheduler\sldIMScheduler.exe" /scheduler

mRun: [Dell PanelMgr] c:\windows\dell\panelmgr\SSMMgr.exe /autorun

mRun: [2335dn Scan2PC] "c:\windows\twain_32\dell\dell2335\Scan2Pc.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe

dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\garost~1.lnk - c:\program files\canon\garostatusmonitor\cnwism.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\solidw~1.lnk - c:\program files\solidworks2005\swscheduler\swBOEngine.exe

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: RedEyeQuote - hxxps://www.redeyerpm.com/RedEyeQuote.cab

DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://server:4343/officescan/console/ClientInstall/WinNTChk.cab

DPF: {03290DF3-5034-11D0-BC8C-524153480000} - hxxps://www.dpt-fast.com/stlview/astlview2005.dpt

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://server:4343/officescan/console/ClientInstall/setup.cab

DPF: {13EC470D-6583-42A3-B07D-648F70BC5CA0} - hxxp://extranet.protomold.net/ProtoView/current/setup.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1C36B926-2E36-4979-8949-ACE9081ED560} - hxxp://www.imshome.com/MDrivePartsBuilder/MDrivePartSelect.CAB

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab

DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} - hxxp://www.catalogds.com/dtd/pvcadview.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/201254bd666aa2a1bb16/netzip/RdxIE601.cab

DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://71.250.234.187:85/ActiveView.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {9BBB3919-F518-4D06-8209-299FC243FC2A} - hxxps://server:4343/SMB/console/html/root/AtxEnc.cab

DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/pages/services/subscription/downloads/sldimdownload.cab

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxps://quickquotes.quickparts.com/References/XUpload.ocx

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

TCP: Interfaces\{24C690BC-EBA4-47F3-A674-A76E9617C2CA} : NameServer = 10.34.0.155,10.34.0.156,75.250.0.12

Notify: LMIinit - LMIinit.dll

AppInit_DLLs: OGPDFLoader.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sigma_lf.sigmadesign\application data\mozilla\firefox\profiles\r21hoqbd.default\

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll

FF - plugin: c:\program files\protomold\protoview\npProtoView.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2003-2-10 114688]

R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [2002-12-18 36064]

R2 bh560eth;Blackhawk 560 Ethernet JTAG Emulator Driver;c:\windows\system32\drivers\bh560eth.sys [2011-8-5 97776]

R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [2011-8-5 234140]

R2 HPWebJetadmin;HP Web Jetadmin;c:\program files\hp web jetadmin\hpwebjetd.exe [2004-5-20 20480]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-4 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-6 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-6 47640]

R2 MatLocalLicenceServer50;Materialise Local License Server 5.0;c:\program files\common files\materialise\licensefiles\LicSrv50.exe [2010-3-16 36864]

R2 MatLocalLicenceServer52;Materialise Local License Server 5.2;c:\program files\common files\materialise\licensefiles\LicSrv52.exe [2010-3-16 475136]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-10 227184]

R2 sdiont;sdiont;c:\windows\system32\drivers\sdiont.sys [2011-8-5 4576]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2008-11-26 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2008-11-26 36624]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-8 24652]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-12-1 44416]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-7-21 334352]

R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2008-11-5 492888]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2008-11-5 677128]

S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-6 50192]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks (2)\swscheduler\DTSCoordinatorService.exe [2010-6-15 87336]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2011-12-15 42752]

S3 XDS560;Texas Instruments XDS560 Device Driver;c:\windows\system32\drivers\xds560.sys [2011-8-5 31472]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2011-12-15 14:44:51 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys

2011-12-15 14:44:51 15616 ----a-w- c:\windows\system32\mot_ci.dll

2011-12-09 18:19:46 -------- d--h--w- c:\windows\PIF

2011-12-09 14:37:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-01 14:33:49 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-12-01 14:33:18 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2011-12-01 14:32:58 44416 ----a-w- c:\windows\system32\drivers\dc3d.sys

2011-12-01 14:32:58 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2011-12-01 14:32:28 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2011-12-01 14:32:00 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-12-01 14:32:00 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2011-12-01 14:31:56 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-12-01 14:31:56 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

.

==================== Find3M ====================

.

2011-12-21 16:39:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-19 14:00:50 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-12-19 14:00:50 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-12-19 14:00:48 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-12-19 14:00:48 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-10 13:03:16 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-10-10 13:03:11 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 9:39:38.24 ===============

attach.txt


It ran successfully. Here is the Log.

12:50:19.0187 5376 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27

12:50:19.0562 5376 ============================================================

12:50:19.0562 5376 Current date / time: 2011/12/22 12:50:19.0562

12:50:19.0562 5376 SystemInfo:

12:50:19.0562 5376

12:50:19.0562 5376 OS Version: 5.1.2600 ServicePack: 3.0

12:50:19.0562 5376 Product type: Workstation

12:50:19.0562 5376 ComputerName: SIGMA-LF

12:50:19.0562 5376 UserName: sigma_lf

12:50:19.0562 5376 Windows directory: C:\WINDOWS

12:50:19.0562 5376 System windows directory: C:\WINDOWS

12:50:19.0562 5376 Processor architecture: Intel x86

12:50:19.0562 5376 Number of processors: 2

12:50:19.0562 5376 Page size: 0x1000

12:50:19.0562 5376 Boot type: Normal boot

12:50:19.0562 5376 ============================================================

12:50:20.0734 5376 Initialize success

12:50:27.0515 4024 ============================================================

12:50:27.0515 4024 Scan started

12:50:27.0515 4024 Mode: Manual; SigCheck; TDLFS;

12:50:27.0515 4024 ============================================================

12:50:29.0406 4024 Abiosdsk - ok

12:50:29.0593 4024 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS

12:50:31.0140 4024 abp480n5 - ok

12:50:31.0249 4024 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

12:50:31.0531 4024 ACPI - ok

12:50:31.0656 4024 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

12:50:31.0890 4024 ACPIEC - ok

12:50:32.0015 4024 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys

12:50:32.0296 4024 adpu160m - ok

12:50:32.0406 4024 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

12:50:32.0499 4024 aeaudio - ok

12:50:32.0609 4024 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

12:50:32.0890 4024 aec - ok

12:50:32.0999 4024 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

12:50:33.0109 4024 AFD - ok

12:50:33.0218 4024 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys

12:50:33.0499 4024 agp440 - ok

12:50:33.0609 4024 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys

12:50:33.0874 4024 agpCPQ - ok

12:50:33.0999 4024 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys

12:50:34.0140 4024 Aha154x - ok

12:50:34.0249 4024 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys

12:50:34.0499 4024 aic78u2 - ok

12:50:34.0624 4024 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys

12:50:34.0890 4024 aic78xx - ok

12:50:35.0015 4024 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys

12:50:35.0265 4024 AliIde - ok

12:50:35.0390 4024 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys

12:50:35.0640 4024 alim1541 - ok

12:50:35.0781 4024 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys

12:50:36.0046 4024 amdagp - ok

12:50:36.0171 4024 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys

12:50:36.0312 4024 amsint - ok

12:50:36.0437 4024 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys

12:50:36.0687 4024 asc - ok

12:50:36.0812 4024 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys

12:50:36.0953 4024 asc3350p - ok

12:50:37.0078 4024 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys

12:50:37.0328 4024 asc3550 - ok

12:50:37.0453 4024 AsfAlrt (e301dd2b6cced65e0537ceaee8f954b6) C:\WINDOWS\System32\drivers\AsfAlrt.sys

12:50:37.0515 4024 AsfAlrt ( UnsignedFile.Multi.Generic ) - warning

12:50:37.0515 4024 AsfAlrt - detected UnsignedFile.Multi.Generic (1)

12:50:37.0640 4024 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

12:50:37.0906 4024 AsyncMac - ok

12:50:38.0031 4024 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

12:50:38.0249 4024 atapi - ok

12:50:38.0343 4024 Atdisk - ok

12:50:38.0421 4024 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

12:50:38.0687 4024 Atmarpc - ok

12:50:38.0796 4024 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

12:50:39.0046 4024 audstub - ok

12:50:39.0171 4024 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

12:50:39.0421 4024 Beep - ok

12:50:39.0515 4024 bh560eth (5a24d15648abf9036b8a4480b4f30cae) C:\WINDOWS\system32\Drivers\bh560eth.sys

12:50:40.0140 4024 bh560eth - ok

12:50:40.0265 4024 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys

12:50:40.0515 4024 cbidf - ok

12:50:40.0624 4024 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

12:50:40.0843 4024 cbidf2k - ok

12:50:40.0953 4024 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys

12:50:41.0093 4024 cd20xrnt - ok

12:50:41.0218 4024 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

12:50:41.0453 4024 Cdaudio - ok

12:50:41.0562 4024 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

12:50:41.0828 4024 Cdfs - ok

12:50:41.0937 4024 Cdr4_xp (297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

12:50:42.0015 4024 Cdr4_xp ( UnsignedFile.Multi.Generic ) - warning

12:50:42.0015 4024 Cdr4_xp - detected UnsignedFile.Multi.Generic (1)

12:50:42.0124 4024 Cdralw2k (5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys

12:50:42.0203 4024 Cdralw2k ( UnsignedFile.Multi.Generic ) - warning

12:50:42.0203 4024 Cdralw2k - detected UnsignedFile.Multi.Generic (1)

12:50:42.0312 4024 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:50:42.0562 4024 Cdrom - ok

12:50:42.0890 4024 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys

12:50:43.0281 4024 cdudf_xp ( UnsignedFile.Multi.Generic ) - warning

12:50:43.0281 4024 cdudf_xp - detected UnsignedFile.Multi.Generic (1)

12:50:43.0374 4024 Changer - ok

12:50:43.0468 4024 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys

12:50:43.0703 4024 CmdIde - ok

12:50:43.0843 4024 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys

12:50:44.0093 4024 Cpqarray - ok

12:50:44.0218 4024 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys

12:50:44.0499 4024 dac2w2k - ok

12:50:44.0624 4024 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys

12:50:44.0890 4024 dac960nt - ok

12:50:44.0984 4024 dc3d (484ffbcec4091ff617494b6b0cb04eb3) C:\WINDOWS\system32\DRIVERS\dc3d.sys

12:50:45.0031 4024 dc3d - ok

12:50:45.0125 4024 DgiVecp - ok

12:50:45.0218 4024 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

12:50:45.0453 4024 Disk - ok

12:50:45.0578 4024 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

12:50:45.0937 4024 dmboot - ok

12:50:46.0046 4024 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

12:50:46.0296 4024 dmio - ok

12:50:46.0406 4024 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

12:50:46.0656 4024 dmload - ok

12:50:46.0875 4024 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

12:50:47.0125 4024 DMusic - ok

12:50:47.0234 4024 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys

12:50:47.0484 4024 dpti2o - ok

12:50:47.0609 4024 DriverX (d27a3a309da2f9122b64b556a9a2cc71) C:\WINDOWS\System32\Drivers\driverx.sys

12:50:47.0671 4024 DriverX ( UnsignedFile.Multi.Generic ) - warning

12:50:47.0671 4024 DriverX - detected UnsignedFile.Multi.Generic (1)

12:50:47.0781 4024 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

12:50:48.0015 4024 drmkaud - ok

12:50:48.0125 4024 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys

12:50:48.0203 4024 dvd_2K ( UnsignedFile.Multi.Generic ) - warning

12:50:48.0203 4024 dvd_2K - detected UnsignedFile.Multi.Generic (1)

12:50:48.0312 4024 E1000 (a97b4360acc61d9d3cae50cd155ef02c) C:\WINDOWS\system32\DRIVERS\e1000325.sys

12:50:48.0421 4024 E1000 - ok

12:50:48.0531 4024 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

12:50:48.0781 4024 EL90XBC - ok

12:50:48.0921 4024 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:50:49.0171 4024 Fastfat - ok

12:50:49.0296 4024 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

12:50:49.0531 4024 Fdc - ok

12:50:49.0656 4024 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

12:50:49.0906 4024 Fips - ok

12:50:50.0015 4024 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

12:50:50.0250 4024 Flpydisk - ok

12:50:50.0359 4024 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

12:50:50.0609 4024 FltMgr - ok

12:50:50.0765 4024 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:50:51.0000 4024 Fs_Rec - ok

12:50:51.0109 4024 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:50:51.0375 4024 Ftdisk - ok

12:50:51.0484 4024 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:50:51.0734 4024 Gpc - ok

12:50:51.0843 4024 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:50:52.0093 4024 HidUsb - ok

12:50:52.0218 4024 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

12:50:52.0453 4024 hpn - ok

12:50:52.0578 4024 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

12:50:52.0640 4024 HTTP - ok

12:50:52.0781 4024 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

12:50:53.0015 4024 i2omgmt - ok

12:50:53.0140 4024 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys

12:50:53.0375 4024 i2omp - ok

12:50:53.0484 4024 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:50:53.0734 4024 i8042prt - ok

12:50:53.0843 4024 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

12:50:54.0140 4024 i81x - ok

12:50:54.0265 4024 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

12:50:54.0484 4024 iAimFP0 - ok

12:50:54.0593 4024 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

12:50:54.0812 4024 iAimFP1 - ok

12:50:54.0922 4024 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

12:50:55.0140 4024 iAimFP2 - ok

12:50:55.0281 4024 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

12:50:55.0484 4024 iAimFP3 - ok

12:50:55.0609 4024 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

12:50:55.0843 4024 iAimFP4 - ok

12:50:55.0937 4024 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

12:50:56.0187 4024 iAimTV0 - ok

12:50:56.0297 4024 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

12:50:56.0531 4024 iAimTV1 - ok

12:50:56.0609 4024 iAimTV2 - ok

12:50:56.0703 4024 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

12:50:56.0922 4024 iAimTV3 - ok

12:50:57.0031 4024 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

12:50:57.0265 4024 iAimTV4 - ok

12:50:57.0390 4024 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:50:57.0640 4024 Imapi - ok

12:50:57.0781 4024 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

12:50:58.0031 4024 ini910u - ok

12:50:58.0140 4024 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

12:50:58.0390 4024 IntelIde - ok

12:50:58.0500 4024 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

12:50:58.0750 4024 intelppm - ok

12:50:58.0859 4024 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

12:50:59.0109 4024 ip6fw - ok

12:50:59.0250 4024 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:50:59.0500 4024 IpFilterDriver - ok

12:50:59.0609 4024 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:50:59.0859 4024 IpInIp - ok

12:50:59.0968 4024 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:51:00.0234 4024 IpNat - ok

12:51:00.0328 4024 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:51:00.0593 4024 IPSec - ok

12:51:00.0718 4024 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:51:00.0968 4024 IRENUM - ok

12:51:01.0093 4024 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:51:01.0375 4024 isapnp - ok

12:51:01.0500 4024 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:51:01.0750 4024 Kbdclass - ok

12:51:01.0859 4024 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

12:51:02.0078 4024 kbdhid - ok

12:51:02.0187 4024 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:51:02.0422 4024 kmixer - ok

12:51:02.0547 4024 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

12:51:02.0625 4024 KSecDD - ok

12:51:02.0718 4024 lbrtfdc - ok

12:51:02.0843 4024 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

12:51:02.0875 4024 LMIInfo - ok

12:51:02.0984 4024 LMImirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\LMImirr.sys

12:51:03.0015 4024 LMImirr - ok

12:51:03.0109 4024 LMIRfsClientNP - ok

12:51:03.0187 4024 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

12:51:03.0218 4024 LMIRfsDriver - ok

12:51:03.0328 4024 MBAMSwissArmy - ok

12:51:03.0375 4024 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys

12:51:03.0437 4024 mmc_2K ( UnsignedFile.Multi.Generic ) - warning

12:51:03.0437 4024 mmc_2K - detected UnsignedFile.Multi.Generic (1)

12:51:03.0547 4024 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:51:03.0781 4024 mnmdd - ok

12:51:03.0890 4024 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

12:51:04.0140 4024 Modem - ok

12:51:04.0250 4024 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys

12:51:04.0390 4024 MotDev - ok

12:51:04.0484 4024 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:51:04.0734 4024 Mouclass - ok

12:51:04.0828 4024 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

12:51:05.0062 4024 mouhid - ok

12:51:05.0172 4024 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:51:05.0422 4024 MountMgr - ok

12:51:05.0547 4024 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys

12:51:05.0781 4024 mraid35x - ok

12:51:05.0890 4024 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:51:06.0140 4024 MRxDAV - ok

12:51:06.0265 4024 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:51:06.0453 4024 MRxSmb - ok

12:51:06.0562 4024 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:51:06.0812 4024 Msfs - ok

12:51:06.0922 4024 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:51:07.0172 4024 MSKSSRV - ok

12:51:07.0281 4024 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:51:07.0531 4024 MSPCLOCK - ok

12:51:07.0656 4024 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:51:07.0906 4024 MSPQM - ok

12:51:08.0000 4024 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:51:08.0250 4024 mssmbios - ok

12:51:08.0359 4024 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

12:51:08.0453 4024 Mup - ok

12:51:08.0578 4024 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:51:08.0844 4024 NDIS - ok

12:51:08.0969 4024 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:51:09.0031 4024 NdisTapi - ok

12:51:09.0125 4024 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:51:09.0375 4024 Ndisuio - ok

12:51:09.0484 4024 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:51:09.0750 4024 NdisWan - ok

12:51:09.0844 4024 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

12:51:09.0906 4024 NDProxy - ok

12:51:10.0015 4024 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:51:10.0265 4024 NetBIOS - ok

12:51:10.0390 4024 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:51:10.0656 4024 NetBT - ok

12:51:10.0797 4024 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:51:11.0047 4024 Npfs - ok

12:51:11.0172 4024 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:51:11.0484 4024 Ntfs - ok

12:51:11.0609 4024 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:51:11.0844 4024 Null - ok

12:51:12.0078 4024 nv (b19c2aae0922072ff4a467f2a37620ad) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

12:51:12.0469 4024 nv - ok

12:51:12.0609 4024 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:51:12.0859 4024 NwlnkFlt - ok

12:51:12.0984 4024 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:51:13.0250 4024 NwlnkFwd - ok

12:51:13.0375 4024 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

12:51:13.0406 4024 omci ( UnsignedFile.Multi.Generic ) - warning

12:51:13.0406 4024 omci - detected UnsignedFile.Multi.Generic (1)

12:51:13.0531 4024 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

12:51:13.0781 4024 P3 - ok

12:51:13.0890 4024 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:51:14.0140 4024 Parport - ok

12:51:14.0266 4024 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:51:14.0500 4024 PartMgr - ok

12:51:14.0625 4024 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:51:14.0844 4024 ParVdm - ok

12:51:14.0953 4024 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:51:15.0203 4024 PCI - ok

12:51:15.0297 4024 PCIDump - ok

12:51:15.0391 4024 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:51:15.0609 4024 PCIIde - ok

12:51:15.0719 4024 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

12:51:15.0984 4024 Pcmcia - ok

12:51:16.0062 4024 PDCOMP - ok

12:51:16.0109 4024 PDFRAME - ok

12:51:16.0125 4024 PDRELI - ok

12:51:16.0156 4024 PDRFRAME - ok

12:51:16.0219 4024 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

12:51:16.0469 4024 perc2 - ok

12:51:16.0594 4024 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

12:51:16.0828 4024 perc2hib - ok

12:51:16.0953 4024 Point32 (420336f91eb745811cf130c80ede0653) C:\WINDOWS\system32\DRIVERS\point32.sys

12:51:17.0000 4024 Point32 - ok

12:51:17.0125 4024 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:51:17.0375 4024 PptpMiniport - ok

12:51:17.0469 4024 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

12:51:17.0734 4024 Processor - ok

12:51:17.0844 4024 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:51:18.0078 4024 PSched - ok

12:51:18.0219 4024 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:51:18.0453 4024 Ptilink - ok

12:51:18.0578 4024 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys

12:51:18.0641 4024 pwd_2k ( UnsignedFile.Multi.Generic ) - warning

12:51:18.0641 4024 pwd_2k - detected UnsignedFile.Multi.Generic (1)

12:51:18.0766 4024 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

12:51:19.0000 4024 ql1080 - ok

12:51:19.0125 4024 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

12:51:19.0375 4024 Ql10wnt - ok

12:51:19.0500 4024 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

12:51:19.0734 4024 ql12160 - ok

12:51:19.0844 4024 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

12:51:20.0094 4024 ql1240 - ok

12:51:20.0219 4024 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

12:51:20.0453 4024 ql1280 - ok

12:51:20.0562 4024 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:51:20.0781 4024 RasAcd - ok

12:51:20.0891 4024 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:51:21.0141 4024 Rasl2tp - ok

12:51:21.0266 4024 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:51:21.0500 4024 RasPppoe - ok

12:51:21.0625 4024 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:51:21.0891 4024 Raspti - ok

12:51:22.0016 4024 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:51:22.0281 4024 Rdbss - ok

12:51:22.0406 4024 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:51:22.0625 4024 RDPCDD - ok

12:51:22.0766 4024 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:51:23.0031 4024 rdpdr - ok

12:51:23.0172 4024 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

12:51:23.0234 4024 RDPWD - ok

12:51:23.0344 4024 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:51:23.0609 4024 redbook - ok

12:51:23.0797 4024 sdiont (545b28fffcd55eac34635626504ad21c) C:\WINDOWS\system32\drivers\sdiont.sys

12:51:23.0844 4024 sdiont ( UnsignedFile.Multi.Generic ) - warning

12:51:23.0844 4024 sdiont - detected UnsignedFile.Multi.Generic (1)

12:51:23.0953 4024 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:51:24.0203 4024 Secdrv - ok

12:51:24.0313 4024 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:51:24.0563 4024 serenum - ok

12:51:24.0672 4024 Serial (d49fc92d8db3663b477fb907cbbe84e5) C:\WINDOWS\system32\DRIVERS\serial.sys

12:51:24.0703 4024 Serial ( Rootkit.Win32.ZAccess.k ) - infected

12:51:24.0703 4024 Serial - detected Rootkit.Win32.ZAccess.k (0)

12:51:24.0813 4024 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:51:25.0063 4024 Sfloppy - ok

12:51:25.0172 4024 Simbad - ok

12:51:25.0250 4024 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

12:51:25.0500 4024 sisagp - ok

12:51:25.0641 4024 smwdm (3a11abb30c6a64173f99c8c42e76827c) C:\WINDOWS\system32\drivers\smwdm.sys

12:51:25.0797 4024 smwdm - ok

12:51:25.0922 4024 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

12:51:26.0063 4024 Sparrow - ok

12:51:26.0172 4024 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:51:26.0422 4024 splitter - ok

12:51:26.0531 4024 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:51:26.0781 4024 sr - ok

12:51:26.0906 4024 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

12:51:27.0078 4024 Srv - ok

12:51:27.0172 4024 SSPORT - ok

12:51:27.0234 4024 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:51:27.0469 4024 swenum - ok

12:51:27.0578 4024 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:51:27.0828 4024 swmidi - ok

12:51:27.0938 4024 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

12:51:28.0188 4024 symc810 - ok

12:51:28.0328 4024 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

12:51:28.0578 4024 symc8xx - ok

12:51:28.0703 4024 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

12:51:28.0953 4024 sym_hi - ok

12:51:29.0078 4024 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

12:51:29.0313 4024 sym_u3 - ok

12:51:29.0422 4024 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:51:29.0672 4024 sysaudio - ok

12:51:29.0797 4024 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:51:29.0953 4024 Tcpip - ok

12:51:30.0063 4024 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:51:30.0297 4024 TDPIPE - ok

12:51:30.0422 4024 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:51:30.0656 4024 TDTCP - ok

12:51:30.0766 4024 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:51:31.0016 4024 TermDD - ok

12:51:31.0141 4024 tmactmon (23a92ffa6a4938683dcbc9c66bda1248) C:\WINDOWS\system32\drivers\tmactmon.sys

12:51:31.0188 4024 tmactmon - ok

12:51:31.0297 4024 tmcfw (c4c49610ce91cee983f756e5c36db538) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys

12:51:31.0422 4024 tmcfw - ok

12:51:31.0516 4024 tmcomm (8762cb58a489b385feef2aea7f7718f3) C:\WINDOWS\system32\drivers\tmcomm.sys

12:51:31.0578 4024 tmcomm - ok

12:51:31.0688 4024 tmevtmgr (ebab207a0779f3e50bde267faaad696f) C:\WINDOWS\system32\drivers\tmevtmgr.sys

12:51:31.0719 4024 tmevtmgr - ok

12:51:31.0813 4024 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys

12:51:31.0844 4024 TmFilter - ok

12:51:31.0938 4024 TmPreFilter (379c4f99994a56b66e11d1e32bb22a1c) C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys

12:51:31.0984 4024 TmPreFilter - ok

12:51:32.0094 4024 tmtdi (6c9f58dd778b05df58839f1376bf4687) C:\WINDOWS\system32\DRIVERS\tmtdi.sys

12:51:32.0125 4024 tmtdi - ok

12:51:32.0250 4024 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

12:51:32.0453 4024 TosIde - ok

12:51:32.0594 4024 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

12:51:32.0734 4024 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - warning

12:51:32.0734 4024 UdfReadr_xp - detected UnsignedFile.Multi.Generic (1)

12:51:32.0844 4024 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:51:33.0094 4024 Udfs - ok

12:51:33.0219 4024 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

12:51:33.0375 4024 ultra - ok

12:51:33.0484 4024 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:51:33.0797 4024 Update - ok

12:51:33.0906 4024 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:51:34.0141 4024 usbccgp - ok

12:51:34.0250 4024 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:51:34.0500 4024 usbehci - ok

12:51:34.0610 4024 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:51:34.0860 4024 usbhub - ok

12:51:34.0969 4024 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:51:35.0203 4024 usbscan - ok

12:51:35.0328 4024 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

12:51:35.0578 4024 usbser - ok

12:51:35.0688 4024 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:51:35.0906 4024 USBSTOR - ok

12:51:36.0000 4024 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

12:51:36.0250 4024 usbuhci - ok

12:51:36.0375 4024 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:51:36.0625 4024 VgaSave - ok

12:51:36.0735 4024 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

12:51:36.0985 4024 viaagp - ok

12:51:37.0094 4024 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

12:51:37.0344 4024 ViaIde - ok

12:51:37.0469 4024 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:51:37.0719 4024 VolSnap - ok

12:51:37.0828 4024 VSApiNt (642eb152cb980ad9181b2161066be629) C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys

12:51:37.0953 4024 VSApiNt - ok

12:51:38.0063 4024 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:51:38.0328 4024 Wanarp - ok

12:51:38.0438 4024 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

12:51:38.0578 4024 Wdf01000 - ok

12:51:38.0672 4024 WDICA - ok

12:51:38.0750 4024 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:51:39.0031 4024 wdmaud - ok

12:51:39.0188 4024 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

12:51:39.0281 4024 WudfPf - ok

12:51:39.0391 4024 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

12:51:39.0453 4024 WudfRd - ok

12:51:39.0578 4024 XDS560 (c8a4224c4002b34ccf4eef0ffe680efa) C:\WINDOWS\system32\DRIVERS\xds560.sys

12:51:39.0610 4024 XDS560 ( UnsignedFile.Multi.Generic ) - warning

12:51:39.0610 4024 XDS560 - detected UnsignedFile.Multi.Generic (1)

12:51:39.0641 4024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:51:39.0875 4024 \Device\Harddisk0\DR0 - ok

12:51:39.0891 4024 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3

12:51:41.0485 4024 \Device\Harddisk1\DR3 - ok

12:51:41.0500 4024 Boot (0x1200) (f03fc56d74ef3769d34d93062efb5283) \Device\Harddisk0\DR0\Partition0

12:51:41.0500 4024 \Device\Harddisk0\DR0\Partition0 - ok

12:51:41.0516 4024 Boot (0x1200) (7ee98f07e97f627052e47d18a9c20879) \Device\Harddisk1\DR3\Partition0

12:51:41.0516 4024 \Device\Harddisk1\DR3\Partition0 - ok

12:51:41.0516 4024 ============================================================

12:51:41.0516 4024 Scan finished

12:51:41.0516 4024 ============================================================

12:51:41.0672 2916 Detected object count: 13

12:51:41.0672 2916 Actual detected object count: 13

12:53:35.0252 2916 AsfAlrt ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0252 2916 AsfAlrt ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0252 2916 Cdr4_xp ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0252 2916 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0252 2916 Cdralw2k ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0252 2916 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0252 2916 cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0252 2916 cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0252 2916 DriverX ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0252 2916 DriverX ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0252 2916 dvd_2K ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0252 2916 dvd_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0252 2916 mmc_2K ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0252 2916 mmc_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0267 2916 omci ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0267 2916 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0267 2916 pwd_2k ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0267 2916 pwd_2k ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0267 2916 sdiont ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:35.0267 2916 sdiont ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:35.0361 2916 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys) error 1813

12:53:45.0939 2916 Backup copy found, using it..

12:53:45.0955 2916 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot

12:53:50.0611 2916 Serial ( Rootkit.Win32.ZAccess.k ) - User select action: Cure

12:53:50.0611 2916 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:50.0611 2916 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:50.0611 2916 XDS560 ( UnsignedFile.Multi.Generic ) - skipped by user

12:53:50.0611 2916 XDS560 ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:53:59.0596 4560 Deinitialize success

It didn't see the rootkit this time.

Good or bad?

Here's the log

15:58:20.0917 2104 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27

15:58:21.0182 2104 ============================================================

15:58:21.0182 2104 Current date / time: 2011/12/22 15:58:21.0182

15:58:21.0182 2104 SystemInfo:

15:58:21.0182 2104

15:58:21.0182 2104 OS Version: 5.1.2600 ServicePack: 3.0

15:58:21.0182 2104 Product type: Workstation

15:58:21.0182 2104 ComputerName: SIGMA-LF

15:58:21.0182 2104 UserName: sigma_lf

15:58:21.0182 2104 Windows directory: C:\WINDOWS

15:58:21.0182 2104 System windows directory: C:\WINDOWS

15:58:21.0182 2104 Processor architecture: Intel x86

15:58:21.0182 2104 Number of processors: 2

15:58:21.0182 2104 Page size: 0x1000

15:58:21.0182 2104 Boot type: Normal boot

15:58:21.0182 2104 ============================================================

15:58:22.0120 2104 Initialize success

16:09:52.0657 2352 ============================================================

16:09:52.0657 2352 Scan started

16:09:52.0657 2352 Mode: Manual; SigCheck; TDLFS;

16:09:52.0657 2352 ============================================================

16:09:53.0125 2352 Abiosdsk - ok

16:09:53.0188 2352 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS

16:09:55.0062 2352 abp480n5 - ok

16:09:55.0172 2352 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:09:55.0391 2352 ACPI - ok

16:09:55.0469 2352 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

16:09:55.0641 2352 ACPIEC - ok

16:09:55.0750 2352 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys

16:09:55.0953 2352 adpu160m - ok

16:09:56.0062 2352 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

16:09:56.0125 2352 aeaudio - ok

16:09:56.0234 2352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:09:56.0422 2352 aec - ok

16:09:56.0515 2352 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

16:09:56.0609 2352 AFD - ok

16:09:56.0718 2352 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys

16:09:56.0859 2352 agp440 - ok

16:09:56.0968 2352 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys

16:09:57.0140 2352 agpCPQ - ok

16:09:57.0234 2352 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys

16:09:57.0375 2352 Aha154x - ok

16:09:57.0484 2352 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys

16:09:57.0640 2352 aic78u2 - ok

16:09:57.0750 2352 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys

16:09:57.0921 2352 aic78xx - ok

16:09:58.0031 2352 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys

16:09:58.0203 2352 AliIde - ok

16:09:58.0359 2352 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys

16:09:58.0531 2352 alim1541 - ok

16:09:58.0624 2352 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys

16:09:58.0796 2352 amdagp - ok

16:09:58.0906 2352 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys

16:09:58.0999 2352 amsint - ok

16:09:59.0109 2352 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys

16:09:59.0281 2352 asc - ok

16:09:59.0390 2352 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys

16:09:59.0484 2352 asc3350p - ok

16:09:59.0593 2352 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys

16:09:59.0765 2352 asc3550 - ok

16:09:59.0874 2352 AsfAlrt (e301dd2b6cced65e0537ceaee8f954b6) C:\WINDOWS\System32\drivers\AsfAlrt.sys

16:09:59.0921 2352 AsfAlrt ( UnsignedFile.Multi.Generic ) - warning

16:09:59.0921 2352 AsfAlrt - detected UnsignedFile.Multi.Generic (1)

16:10:00.0031 2352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:10:00.0187 2352 AsyncMac - ok

16:10:00.0296 2352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

16:10:00.0437 2352 atapi - ok

16:10:00.0515 2352 Atdisk - ok

16:10:00.0609 2352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:10:00.0765 2352 Atmarpc - ok

16:10:00.0874 2352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:10:01.0030 2352 audstub - ok

16:10:01.0155 2352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:10:01.0312 2352 Beep - ok

16:10:01.0405 2352 bh560eth (5a24d15648abf9036b8a4480b4f30cae) C:\WINDOWS\system32\Drivers\bh560eth.sys

16:10:01.0468 2352 bh560eth - ok

16:10:01.0593 2352 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys

16:10:01.0765 2352 cbidf - ok

16:10:01.0874 2352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:10:02.0015 2352 cbidf2k - ok

16:10:02.0124 2352 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys

16:10:02.0218 2352 cd20xrnt - ok

16:10:02.0343 2352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:10:02.0499 2352 Cdaudio - ok

16:10:02.0608 2352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:10:02.0749 2352 Cdfs - ok

16:10:02.0874 2352 Cdr4_xp (297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

16:10:02.0936 2352 Cdr4_xp ( UnsignedFile.Multi.Generic ) - warning

16:10:02.0936 2352 Cdr4_xp - detected UnsignedFile.Multi.Generic (1)

16:10:03.0030 2352 Cdralw2k (5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys

16:10:03.0077 2352 Cdralw2k ( UnsignedFile.Multi.Generic ) - warning

16:10:03.0077 2352 Cdralw2k - detected UnsignedFile.Multi.Generic (1)

16:10:03.0186 2352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:10:03.0343 2352 Cdrom - ok

16:10:03.0452 2352 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys

16:10:03.0483 2352 cdudf_xp ( UnsignedFile.Multi.Generic ) - warning

16:10:03.0483 2352 cdudf_xp - detected UnsignedFile.Multi.Generic (1)

16:10:03.0561 2352 Changer - ok

16:10:03.0655 2352 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys

16:10:03.0889 2352 CmdIde - ok

16:10:04.0030 2352 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys

16:10:04.0280 2352 Cpqarray - ok

16:10:04.0405 2352 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys

16:10:04.0717 2352 dac2w2k - ok

16:10:04.0827 2352 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys

16:10:04.0999 2352 dac960nt - ok

16:10:05.0092 2352 dc3d (484ffbcec4091ff617494b6b0cb04eb3) C:\WINDOWS\system32\DRIVERS\dc3d.sys

16:10:05.0124 2352 dc3d - ok

16:10:05.0170 2352 DgiVecp - ok

16:10:05.0233 2352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:10:05.0358 2352 Disk - ok

16:10:05.0483 2352 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

16:10:05.0764 2352 dmboot - ok

16:10:05.0858 2352 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

16:10:05.0998 2352 dmio - ok

16:10:06.0092 2352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:10:06.0233 2352 dmload - ok

16:10:06.0358 2352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:10:06.0530 2352 DMusic - ok

16:10:06.0639 2352 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys

16:10:06.0795 2352 dpti2o - ok

16:10:06.0905 2352 DriverX (d27a3a309da2f9122b64b556a9a2cc71) C:\WINDOWS\System32\Drivers\driverx.sys

16:10:06.0951 2352 DriverX ( UnsignedFile.Multi.Generic ) - warning

16:10:06.0951 2352 DriverX - detected UnsignedFile.Multi.Generic (1)

16:10:07.0061 2352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:10:07.0201 2352 drmkaud - ok

16:10:07.0311 2352 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys

16:10:07.0373 2352 dvd_2K ( UnsignedFile.Multi.Generic ) - warning

16:10:07.0373 2352 dvd_2K - detected UnsignedFile.Multi.Generic (1)

16:10:07.0483 2352 E1000 (a97b4360acc61d9d3cae50cd155ef02c) C:\WINDOWS\system32\DRIVERS\e1000325.sys

16:10:07.0576 2352 E1000 - ok

16:10:07.0686 2352 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

16:10:07.0842 2352 EL90XBC - ok

16:10:07.0951 2352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:10:08.0092 2352 Fastfat - ok

16:10:08.0201 2352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

16:10:08.0389 2352 Fdc - ok

16:10:08.0483 2352 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

16:10:08.0639 2352 Fips - ok

16:10:08.0764 2352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

16:10:08.0920 2352 Flpydisk - ok

16:10:09.0029 2352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

16:10:09.0170 2352 FltMgr - ok

16:10:09.0295 2352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:10:09.0451 2352 Fs_Rec - ok

16:10:09.0561 2352 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:10:09.0701 2352 Ftdisk - ok

16:10:09.0810 2352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:10:09.0982 2352 Gpc - ok

16:10:10.0076 2352 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:10:10.0232 2352 HidUsb - ok

16:10:10.0342 2352 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

16:10:10.0498 2352 hpn - ok

16:10:10.0592 2352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

16:10:10.0638 2352 HTTP - ok

16:10:10.0748 2352 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

16:10:10.0904 2352 i2omgmt - ok

16:10:10.0998 2352 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys

16:10:11.0170 2352 i2omp - ok

16:10:11.0263 2352 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:10:11.0435 2352 i8042prt - ok

16:10:11.0545 2352 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

16:10:11.0732 2352 i81x - ok

16:10:11.0826 2352 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

16:10:11.0966 2352 iAimFP0 - ok

16:10:12.0060 2352 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

16:10:12.0216 2352 iAimFP1 - ok

16:10:12.0357 2352 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

16:10:12.0498 2352 iAimFP2 - ok

16:10:12.0623 2352 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

16:10:12.0748 2352 iAimFP3 - ok

16:10:12.0888 2352 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

16:10:13.0029 2352 iAimFP4 - ok

16:10:13.0138 2352 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

16:10:13.0294 2352 iAimTV0 - ok

16:10:13.0372 2352 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

16:10:13.0529 2352 iAimTV1 - ok

16:10:13.0607 2352 iAimTV2 - ok

16:10:13.0685 2352 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

16:10:13.0841 2352 iAimTV3 - ok

16:10:13.0935 2352 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

16:10:14.0076 2352 iAimTV4 - ok

16:10:14.0185 2352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:10:14.0341 2352 Imapi - ok

16:10:14.0466 2352 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

16:10:14.0622 2352 ini910u - ok

16:10:14.0732 2352 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

16:10:14.0888 2352 IntelIde - ok

16:10:14.0997 2352 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:10:15.0138 2352 intelppm - ok

16:10:15.0247 2352 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

16:10:15.0419 2352 ip6fw - ok

16:10:15.0528 2352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:10:15.0700 2352 IpFilterDriver - ok

16:10:15.0794 2352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:10:15.0966 2352 IpInIp - ok

16:10:16.0060 2352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:10:16.0231 2352 IpNat - ok

16:10:16.0325 2352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:10:16.0481 2352 IPSec - ok

16:10:16.0591 2352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:10:16.0747 2352 IRENUM - ok

16:10:16.0856 2352 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:10:16.0997 2352 isapnp - ok

16:10:17.0106 2352 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:10:17.0263 2352 Kbdclass - ok

16:10:17.0356 2352 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:10:17.0497 2352 kbdhid - ok

16:10:17.0591 2352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:10:17.0747 2352 kmixer - ok

16:10:17.0841 2352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

16:10:17.0934 2352 KSecDD - ok

16:10:18.0028 2352 lbrtfdc - ok

16:10:18.0122 2352 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

16:10:18.0153 2352 LMIInfo - ok

16:10:18.0247 2352 LMImirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\LMImirr.sys

16:10:18.0262 2352 LMImirr - ok

16:10:18.0309 2352 LMIRfsClientNP - ok

16:10:18.0372 2352 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

16:10:18.0387 2352 LMIRfsDriver - ok

16:10:18.0466 2352 MBAMSwissArmy - ok

16:10:18.0528 2352 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys

16:10:18.0559 2352 mmc_2K ( UnsignedFile.Multi.Generic ) - warning

16:10:18.0559 2352 mmc_2K - detected UnsignedFile.Multi.Generic (1)

16:10:18.0653 2352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:10:18.0809 2352 mnmdd - ok

16:10:18.0919 2352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

16:10:19.0075 2352 Modem - ok

16:10:19.0184 2352 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys

16:10:19.0294 2352 MotDev - ok

16:10:19.0387 2352 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:10:19.0544 2352 Mouclass - ok

16:10:19.0637 2352 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:10:19.0794 2352 mouhid - ok

16:10:19.0887 2352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:10:20.0028 2352 MountMgr - ok

16:10:20.0137 2352 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys

16:10:20.0309 2352 mraid35x - ok

16:10:20.0418 2352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:10:20.0559 2352 MRxDAV - ok

16:10:20.0668 2352 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:10:20.0762 2352 MRxSmb - ok

16:10:20.0871 2352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:10:21.0012 2352 Msfs - ok

16:10:21.0106 2352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:10:21.0262 2352 MSKSSRV - ok

16:10:21.0387 2352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:10:21.0543 2352 MSPCLOCK - ok

16:10:21.0653 2352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:10:21.0809 2352 MSPQM - ok

16:10:21.0903 2352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:10:22.0043 2352 mssmbios - ok

16:10:22.0168 2352 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

16:10:22.0199 2352 Mup - ok

16:10:22.0340 2352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:10:22.0481 2352 NDIS - ok

16:10:22.0590 2352 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:10:22.0637 2352 NdisTapi - ok

16:10:22.0731 2352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:10:22.0871 2352 Ndisuio - ok

16:10:22.0981 2352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:10:23.0137 2352 NdisWan - ok

16:10:23.0246 2352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

16:10:23.0309 2352 NDProxy - ok

16:10:23.0434 2352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:10:23.0574 2352 NetBIOS - ok

16:10:23.0668 2352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:10:23.0824 2352 NetBT - ok

16:10:23.0965 2352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:10:24.0090 2352 Npfs - ok

16:10:24.0215 2352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:10:24.0387 2352 Ntfs - ok

16:10:24.0496 2352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:10:24.0652 2352 Null - ok

16:10:24.0871 2352 nv (b19c2aae0922072ff4a467f2a37620ad) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

16:10:25.0230 2352 nv - ok

16:10:25.0355 2352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:10:25.0527 2352 NwlnkFlt - ok

16:10:25.0636 2352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:10:25.0808 2352 NwlnkFwd - ok

16:10:25.0918 2352 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

16:10:25.0933 2352 omci ( UnsignedFile.Multi.Generic ) - warning

16:10:25.0933 2352 omci - detected UnsignedFile.Multi.Generic (1)

16:10:26.0043 2352 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

16:10:26.0215 2352 P3 - ok

16:10:26.0308 2352 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

16:10:26.0464 2352 Parport - ok

16:10:26.0558 2352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

16:10:26.0699 2352 PartMgr - ok

16:10:26.0808 2352 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

16:10:26.0964 2352 ParVdm - ok

16:10:27.0058 2352 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

16:10:27.0199 2352 PCI - ok

16:10:27.0277 2352 PCIDump - ok

16:10:27.0355 2352 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

16:10:27.0496 2352 PCIIde - ok

16:10:27.0589 2352 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

16:10:27.0761 2352 Pcmcia - ok

16:10:27.0839 2352 PDCOMP - ok

16:10:27.0902 2352 PDFRAME - ok

16:10:27.0996 2352 PDRELI - ok

16:10:28.0058 2352 PDRFRAME - ok

16:10:28.0183 2352 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

16:10:28.0355 2352 perc2 - ok

16:10:28.0449 2352 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

16:10:28.0605 2352 perc2hib - ok

16:10:28.0714 2352 Point32 (420336f91eb745811cf130c80ede0653) C:\WINDOWS\system32\DRIVERS\point32.sys

16:10:28.0745 2352 Point32 - ok

16:10:28.0839 2352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:10:29.0011 2352 PptpMiniport - ok

16:10:29.0105 2352 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

16:10:29.0261 2352 Processor - ok

16:10:29.0370 2352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

16:10:29.0542 2352 PSched - ok

16:10:29.0652 2352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:10:29.0792 2352 Ptilink - ok

16:10:29.0917 2352 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys

16:10:29.0964 2352 pwd_2k ( UnsignedFile.Multi.Generic ) - warning

16:10:29.0964 2352 pwd_2k - detected UnsignedFile.Multi.Generic (1)

16:10:30.0058 2352 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

16:10:30.0214 2352 ql1080 - ok

16:10:30.0339 2352 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

16:10:30.0511 2352 Ql10wnt - ok

16:10:30.0605 2352 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

16:10:30.0761 2352 ql12160 - ok

16:10:30.0870 2352 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

16:10:31.0026 2352 ql1240 - ok

16:10:31.0136 2352 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

16:10:31.0292 2352 ql1280 - ok

16:10:31.0401 2352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:10:31.0542 2352 RasAcd - ok

16:10:31.0651 2352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:10:31.0792 2352 Rasl2tp - ok

16:10:31.0901 2352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:10:32.0057 2352 RasPppoe - ok

16:10:32.0167 2352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

16:10:32.0323 2352 Raspti - ok

16:10:32.0417 2352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:10:32.0542 2352 Rdbss - ok

16:10:32.0667 2352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:10:32.0854 2352 RDPCDD - ok

16:10:32.0948 2352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:10:33.0120 2352 rdpdr - ok

16:10:33.0245 2352 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

16:10:33.0307 2352 RDPWD - ok

16:10:33.0401 2352 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

16:10:33.0573 2352 redbook - ok

16:10:33.0698 2352 sdiont (545b28fffcd55eac34635626504ad21c) C:\WINDOWS\system32\drivers\sdiont.sys

16:10:33.0729 2352 sdiont ( UnsignedFile.Multi.Generic ) - warning

16:10:33.0729 2352 sdiont - detected UnsignedFile.Multi.Generic (1)

16:10:33.0823 2352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:10:33.0979 2352 Secdrv - ok

16:10:34.0088 2352 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

16:10:34.0245 2352 serenum - ok

16:10:34.0354 2352 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

16:10:34.0510 2352 Serial - ok

16:10:34.0620 2352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

16:10:34.0776 2352 Sfloppy - ok

16:10:34.0870 2352 Simbad - ok

16:10:34.0948 2352 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

16:10:35.0104 2352 sisagp - ok

16:10:35.0229 2352 smwdm (3a11abb30c6a64173f99c8c42e76827c) C:\WINDOWS\system32\drivers\smwdm.sys

16:10:35.0370 2352 smwdm - ok

16:10:35.0479 2352 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

16:10:35.0573 2352 Sparrow - ok

16:10:35.0682 2352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

16:10:35.0823 2352 splitter - ok

16:10:35.0948 2352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

16:10:36.0088 2352 sr - ok

16:10:36.0198 2352 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

16:10:36.0260 2352 Srv - ok

16:10:36.0338 2352 SSPORT - ok

16:10:36.0385 2352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

16:10:36.0557 2352 swenum - ok

16:10:36.0651 2352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

16:10:36.0807 2352 swmidi - ok

16:10:36.0916 2352 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

16:10:37.0088 2352 symc810 - ok

16:10:37.0182 2352 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

16:10:37.0354 2352 symc8xx - ok

16:10:37.0463 2352 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

16:10:37.0619 2352 sym_hi - ok

16:10:37.0729 2352 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

16:10:37.0869 2352 sym_u3 - ok

16:10:37.0979 2352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

16:10:38.0135 2352 sysaudio - ok

16:10:38.0260 2352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:10:38.0400 2352 Tcpip - ok

16:10:38.0510 2352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

16:10:38.0666 2352 TDPIPE - ok

16:10:38.0775 2352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

16:10:38.0932 2352 TDTCP - ok

16:10:39.0025 2352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

16:10:39.0182 2352 TermDD - ok

16:10:39.0291 2352 tmactmon (23a92ffa6a4938683dcbc9c66bda1248) C:\WINDOWS\system32\drivers\tmactmon.sys

16:10:39.0322 2352 tmactmon - ok

16:10:39.0447 2352 tmcfw (c4c49610ce91cee983f756e5c36db538) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys

16:10:39.0510 2352 tmcfw - ok

16:10:39.0619 2352 tmcomm (8762cb58a489b385feef2aea7f7718f3) C:\WINDOWS\system32\drivers\tmcomm.sys

16:10:39.0650 2352 tmcomm - ok

16:10:39.0744 2352 tmevtmgr (ebab207a0779f3e50bde267faaad696f) C:\WINDOWS\system32\drivers\tmevtmgr.sys

16:10:39.0775 2352 tmevtmgr - ok

16:10:39.0869 2352 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys

16:10:39.0885 2352 TmFilter - ok

16:10:39.0900 2352 TmPreFilter (379c4f99994a56b66e11d1e32bb22a1c) C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys

16:10:39.0916 2352 TmPreFilter - ok

16:10:40.0010 2352 tmtdi (6c9f58dd778b05df58839f1376bf4687) C:\WINDOWS\system32\DRIVERS\tmtdi.sys

16:10:40.0025 2352 tmtdi - ok

16:10:40.0135 2352 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

16:10:40.0291 2352 TosIde - ok

16:10:40.0400 2352 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

16:10:40.0416 2352 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - warning

16:10:40.0416 2352 UdfReadr_xp - detected UnsignedFile.Multi.Generic (1)

16:10:40.0509 2352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

16:10:40.0681 2352 Udfs - ok

16:10:40.0775 2352 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

16:10:40.0869 2352 ultra - ok

16:10:40.0978 2352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

16:10:41.0181 2352 Update - ok

16:10:41.0275 2352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:10:41.0447 2352 usbccgp - ok

16:10:41.0541 2352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:10:41.0697 2352 usbehci - ok

16:10:41.0791 2352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:10:41.0947 2352 usbhub - ok

16:10:42.0056 2352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

16:10:42.0212 2352 usbscan - ok

16:10:42.0337 2352 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

16:10:42.0494 2352 usbser - ok

16:10:42.0587 2352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:10:42.0728 2352 USBSTOR - ok

16:10:42.0837 2352 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:10:42.0994 2352 usbuhci - ok

16:10:43.0087 2352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

16:10:43.0243 2352 VgaSave - ok

16:10:43.0353 2352 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

16:10:43.0525 2352 viaagp - ok

16:10:43.0634 2352 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

16:10:43.0790 2352 ViaIde - ok

16:10:43.0884 2352 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

16:10:44.0025 2352 VolSnap - ok

16:10:44.0134 2352 VSApiNt (642eb152cb980ad9181b2161066be629) C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys

16:10:44.0212 2352 VSApiNt - ok

16:10:44.0321 2352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:10:44.0478 2352 Wanarp - ok

16:10:44.0603 2352 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

16:10:44.0665 2352 Wdf01000 - ok

16:10:44.0743 2352 WDICA - ok

16:10:44.0790 2352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

16:10:44.0962 2352 wdmaud - ok

16:10:45.0087 2352 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

16:10:45.0165 2352 WudfPf - ok

16:10:45.0274 2352 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

16:10:45.0337 2352 WudfRd - ok

16:10:45.0446 2352 XDS560 (c8a4224c4002b34ccf4eef0ffe680efa) C:\WINDOWS\system32\DRIVERS\xds560.sys

16:10:45.0478 2352 XDS560 ( UnsignedFile.Multi.Generic ) - warning

16:10:45.0478 2352 XDS560 - detected UnsignedFile.Multi.Generic (1)

16:10:45.0493 2352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

16:10:45.0712 2352 \Device\Harddisk0\DR0 - ok

16:10:45.0712 2352 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3

16:10:46.0634 2352 \Device\Harddisk1\DR3 - ok

16:10:46.0649 2352 Boot (0x1200) (f03fc56d74ef3769d34d93062efb5283) \Device\Harddisk0\DR0\Partition0

16:10:46.0649 2352 \Device\Harddisk0\DR0\Partition0 - ok

16:10:46.0649 2352 Boot (0x1200) (7ee98f07e97f627052e47d18a9c20879) \Device\Harddisk1\DR3\Partition0

16:10:46.0649 2352 \Device\Harddisk1\DR3\Partition0 - ok

16:10:46.0649 2352 ============================================================

16:10:46.0649 2352 Scan finished

16:10:46.0649 2352 ============================================================

16:10:46.0759 3904 Detected object count: 12

16:10:46.0759 3904 Actual detected object count: 12

16:11:13.0396 3904 AsfAlrt ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0396 3904 AsfAlrt ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0396 3904 Cdr4_xp ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0396 3904 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0396 3904 Cdralw2k ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0396 3904 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0396 3904 cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0396 3904 cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0411 3904 DriverX ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0411 3904 DriverX ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0411 3904 dvd_2K ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0411 3904 dvd_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0411 3904 mmc_2K ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0411 3904 mmc_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0427 3904 omci ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0427 3904 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0427 3904 pwd_2k ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0427 3904 pwd_2k ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0427 3904 sdiont ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0427 3904 sdiont ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0427 3904 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0427 3904 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:13.0427 3904 XDS560 ( UnsignedFile.Multi.Generic ) - skipped by user

16:11:13.0427 3904 XDS560 ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:11:20.0895 0464 Deinitialize success


OK, done.

I did not see an "include all files" box, but I did check off all the boxes.

Here's what I got.

Farbar Service Scanner

Ran by sigma_lf (administrator) on 22-12-2011 at 16:28:17

Microsoft Windows XP Professional Service Pack 3 (X86)

********************************************************

Internet Services:

=================

Connection Status:

=================

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

================

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is set to Disabled. The default start type is Auto.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

========================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

==============

System Restore Disabled Policy:

==============================

File Check:

==========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****


OK...Looks Good.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


OK, got it.

There was a problem around test 5 or so that I had to click OK on for it to finish running. Like a dummy I didn't write down exactly what the error was. :rolleyes:

Here's the log.

ComboFix 11-12-22.04 - sigma_lf 12/22/2011 17:18:12.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1521 [GMT -5:00]

Running from: c:\documents and settings\sigma_lf.SIGMADESIGN\Desktop\New Folder\ComboFix.exe

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Outdated* {FB12AA39-B46B-463E-BC99-D3EDB06FF1E9}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt

c:\program files\Shared

c:\program files\Shared\ 4451339.DLL

c:\windows\$NtUninstallKB42323$

c:\windows\$NtUninstallKB42323$\2281975127\@

c:\windows\$NtUninstallKB42323$\2281975127\bckfg.tmp

c:\windows\$NtUninstallKB42323$\2281975127\cfg.ini

c:\windows\$NtUninstallKB42323$\2281975127\Desktop.ini

c:\windows\$NtUninstallKB42323$\2281975127\keywords

c:\windows\$NtUninstallKB42323$\2281975127\kwrd.dll

c:\windows\$NtUninstallKB42323$\2281975127\L\rnmncxam

c:\windows\$NtUninstallKB42323$\2281975127\lsflt7.ver

c:\windows\$NtUninstallKB42323$\2281975127\U\00000001.@

c:\windows\$NtUninstallKB42323$\2281975127\U\00000002.@

c:\windows\$NtUninstallKB42323$\2281975127\U\00000004.@

c:\windows\$NtUninstallKB42323$\2281975127\U\80000000.@

c:\windows\$NtUninstallKB42323$\2281975127\U\80000004.@

c:\windows\$NtUninstallKB42323$\2281975127\U\80000032.@

c:\windows\$NtUninstallKB42323$\2559446504

c:\windows\Downloaded Program Files\RdxIE.dll

c:\windows\system32\comrepl.exe

c:\windows\system32\oobe\isperror

c:\windows\system32\oobe\isperror\ISPCNERR.HTM

c:\windows\system32\oobe\isperror\ISPDTONE.HTM

c:\windows\system32\oobe\isperror\ISPHDSHK.HTM

c:\windows\system32\oobe\isperror\ISPINS.HTM

c:\windows\system32\oobe\isperror\ISPNOANW.HTM

c:\windows\system32\oobe\isperror\ISPPBERR.HTM

c:\windows\system32\oobe\isperror\ISPPHBSY.HTM

c:\windows\system32\oobe\isperror\ISPSBUSY.HTM

c:\windows\system32\SETF8.tmp

c:\windows\system32\SETFD.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))

.

.

2011-12-19 15:41 . 2011-12-19 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-12-15 14:44 . 2009-12-21 19:42 15616 ----a-w- c:\windows\system32\mot_ci.dll

2011-12-15 14:44 . 2009-05-08 16:56 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys

2011-12-09 18:19 . 2011-12-09 18:19 -------- d--h--w- c:\windows\PIF

2011-12-09 15:40 . 2011-12-09 15:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-12-09 14:37 . 2011-12-12 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-08 23:55 . 2011-12-08 23:55 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-12-01 14:33 . 2011-12-01 14:34 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-12-01 14:33 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2011-12-01 14:32 . 2010-12-14 23:09 44416 ----a-w- c:\windows\system32\drivers\dc3d.sys

2011-12-01 14:32 . 2010-11-17 03:54 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2011-12-01 14:32 . 2011-12-01 14:32 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2011-12-01 14:32 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-12-01 14:32 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2011-12-01 14:31 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-12-01 14:31 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-22 17:52 . 2002-08-29 10:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-12-21 16:39 . 2011-05-20 12:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-19 14:00 . 2007-06-06 10:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-12-19 14:00 . 2005-09-15 20:04 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-12-19 14:00 . 2005-12-07 11:55 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-12-19 14:00 . 2005-09-15 20:04 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-11-10 10:54 . 2011-02-16 14:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 08:27 . 2007-05-15 11:04 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-10-10 14:22 . 2002-08-29 10:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-10 13:03 . 2007-06-06 10:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-10-10 13:03 . 2005-09-15 20:04 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-09-28 07:06 . 2004-05-11 04:15 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2002-08-29 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2002-08-29 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-12-22 17:52 . 2011-12-21 14:28 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-20 155648]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-20 155648]

"CnwiDeviceAgent"="c:\program files\Canon\GAROStatusMonitor\cnwida.exe" [2006-07-27 65536]

"nwiz"="nwiz.exe" [2006-07-12 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]

"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2008-11-18 882048]

"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-01-31 7300392]

"Dell PanelMgr"="c:\windows\Dell\PanelMgr\SSMMgr.exe" [2009-05-08 541936]

"2335dn Scan2PC"="c:\windows\TWAIN_32\Dell\Dell2335\Scan2Pc.exe" [2008-09-26 495616]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-29 180269]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-01-07 1778552]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

GARO Status Monitor.lnk - c:\program files\Canon\GAROStatusMonitor\cnwism.exe [2007-1-8 348160]

SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks2005\swScheduler\swBOEngine.exe [N/A]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-12-19 14:00 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2001-07-03 14:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Canon\\GARO Device Setup Utility\\cnwids.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"28918:TCP"= 28918:TCP:Trend Micro Client/Server Security Agent Listener

.

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2/10/2003 4:52 AM 114688]

R2 AsfAlrt;AsfAlrt;c:\windows\SYSTEM32\DRIVERS\Asfalrt.sys [12/18/2002 4:31 AM 36064]

R2 bh560eth;Blackhawk 560 Ethernet JTAG Emulator Driver;c:\windows\SYSTEM32\DRIVERS\bh560eth.sys [8/5/2011 8:34 AM 97776]

R2 DriverX;DriverX;c:\windows\SYSTEM32\DRIVERS\DRIVERX.SYS [8/5/2011 8:36 AM 234140]

R2 HPWebJetadmin;HP Web Jetadmin;c:\program files\HP Web Jetadmin\hpwebjetd.exe [5/20/2004 8:01 AM 20480]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/4/2010 7:52 AM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/6/2007 5:44 AM 12856]

R2 MatLocalLicenceServer50;Materialise Local License Server 5.0;c:\program files\Common Files\Materialise\LicenseFiles\LicSrv50.exe [3/16/2010 9:22 AM 36864]

R2 MatLocalLicenceServer52;Materialise Local License Server 5.2;c:\program files\Common Files\Materialise\LicenseFiles\LicSrv52.exe [3/16/2010 9:22 AM 475136]

R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 2:35 PM 227184]

R2 sdiont;sdiont;c:\windows\SYSTEM32\DRIVERS\sdiont.sys [8/5/2011 8:34 AM 4576]

R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [11/26/2008 5:42 PM 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [11/26/2008 5:42 PM 36624]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/8/2008 4:17 PM 24652]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\SYSTEM32\DRIVERS\dc3d.sys [12/1/2011 9:32 AM 44416]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\SYSTEM32\DRIVERS\TM_CFW.sys [7/21/2008 6:50 PM 334352]

R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [11/5/2008 2:58 PM 492888]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [11/5/2008 2:58 PM 677128]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S2 tmevtmgr;tmevtmgr;c:\windows\SYSTEM32\DRIVERS\tmevtmgr.sys [3/6/2009 3:50 PM 50192]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [6/15/2010 8:14 AM 87336]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [12/15/2011 9:44 AM 42752]

S3 XDS560;Texas Instruments XDS560 Device Driver;c:\windows\SYSTEM32\DRIVERS\xds560.sys [8/5/2011 8:33 AM 31472]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-01-07 23:11]

.

2011-12-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2011-01-07 23:18]

.

2011-12-15 c:\windows\Tasks\MotoHelper MUM.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]

.

2011-12-22 c:\windows\Tasks\MotoHelper Routing.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]

.

2011-12-15 c:\windows\Tasks\MotoHelper Update.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]

.

2011-12-22 c:\windows\Tasks\PCoff.job

- c:\windows\SYSTEM32\shutdown.exe [2002-08-29 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

TCP: Interfaces\{24C690BC-EBA4-47F3-A674-A76E9617C2CA}: NameServer = 10.34.0.155,10.34.0.156,75.250.0.12

DPF: RedEyeQuote - hxxps://www.redeyerpm.com/RedEyeQuote.cab

DPF: {03290DF3-5034-11D0-BC8C-524153480000} - hxxps://www.dpt-fast.com/stlview/astlview2005.dpt

DPF: {13EC470D-6583-42A3-B07D-648F70BC5CA0} - hxxp://extranet.protomold.net/ProtoView/current/setup.exe

DPF: {1C36B926-2E36-4979-8949-ACE9081ED560} - hxxp://www.imshome.com/MDrivePartsBuilder/MDrivePartSelect.CAB

DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} - hxxp://www.catalogds.com/dtd/pvcadview.cab

DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://71.250.234.187:85/ActiveView.cab

DPF: {9BBB3919-F518-4D06-8209-299FC243FC2A} - hxxps://server:4343/SMB/console/html/root/AtxEnc.cab

DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/pages/services/subscription/downloads/sldimdownload.cab

FF - ProfilePath - c:\documents and settings\sigma_lf.SIGMADESIGN\Application Data\Mozilla\Firefox\Profiles\r21hoqbd.default\

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe

HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

Notify-NavLogon - (no file)

SafeBoot-32910734.sys

AddRemove-AZTEC - f:\programs\melcor\Remove.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-22 17:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,2a,4a,47,d1,8e,38,48,b3,f3,94,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,2a,4a,47,d1,8e,38,48,b3,f3,94,\

.

[HKEY_USERS\S-1-5-21-1057600790-2480710899-3901460984-1136\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1072)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(3828)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe

c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

.

**************************************************************************

.

Completion time: 2011-12-22 17:49:41 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-22 22:49

.

Pre-Run: 25,724,329,984 bytes free

Post-Run: 27,198,951,424 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 9F5C7BF12DAF53FC986AFF2D3908C505


OK, it seems OK.

Here's the Log.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122308

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/23/2011 3:52:28 PM

mbam-log-2011-12-23 (15-52-28).txt

Scan type: Quick scan

Objects scanned: 233152

Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0


Good :)

Please Uninstall ComboFix:

Go to Start > Run and copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache, and create a new Restore point.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Have a Good Holiday and New Year!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

