
Redirect virus (Rootkit) TDSS killer won't run


8 replies to this topic

#1 OsmanS


Posted 18 August 2012 - 02:12 PM

So I have the redirect virus rootkit

http://puu.sh/Wyr4


Removing it via AVG didn't work. TDSS Killer won't launch, not even in Safe Mode. Malwarebytes does not detect any issues, neither does FSBL.

Any help would be greatly appreciated. Thank you.

I am on Windows XP Pro SP3.



#2 narenxp


Posted 18 August 2012 - 02:21 PM

Download FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot, click on REPAIR.


Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.


Download ListParts from here

For 32 bit: List parts 32

For 64 bit: List parts 64

Launch it, click on SCAN, and post the log.

#3 OsmanS


Posted 18 August 2012 - 02:41 PM

Thanks, FixTDSS didn't launch, even after I renamed it. Doing the rest now.

#4 OsmanS


Posted 18 August 2012 - 02:47 PM

aswMBR also would not run


ListParts Log


ListParts by Farbar Version: 10-08-2012
Ran by Osman (administrator) on 18-08-2012 at 15:46:55
Windows XP (X86)
Running From: C:\Documents and Settings\Osman\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 47%
Total physical RAM: 3070.07 MB
Available physical RAM: 1620.14 MB
Total Pagefile: 5056.34 MB
Available Pagefile: 3446.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.28 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:298.08 GB) (Free:104.54 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 32 KB
Partition 2 Unknown 10 MB 298 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 298 GB Healthy Boot
======================================================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
======================================================================================================

****** End Of Log ******
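
Added example, not part of the original thread and not ListParts' own code: a small Python triage script that parses the partition detail blocks of the ListParts log above and lists why an entry deserves a closer look. The class, the function names and the heuristics are assumptions made for this illustration; the sample text is copied from the log in the post above.

```python
import re
from dataclasses import dataclass

# Partition detail blocks copied from the ListParts log posted above.
SAMPLE_LOG = """\
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 298 GB Healthy Boot
======================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
======================================================================
"""


@dataclass
class Partition:
    disk: int
    number: int
    type_hex: str = ""
    tool_flagged: bool = False  # ListParts itself printed "(Suspicious Type)"
    hidden: bool = False
    active: bool = False
    no_volume: bool = False     # "There is no volume associated ..."
    boot_volume: bool = False   # a volume row whose Info column says "Boot"


def parse_listparts(text):
    """Return one Partition per 'Disk: N / Partition M' detail block."""
    parts, disk, part = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"Disk:\s*(\d+)", line):
            disk, part = int(m.group(1)), None
        elif (m := re.fullmatch(r"Partition\s+(\d+)", line)) and disk is not None:
            part = Partition(disk, int(m.group(1)))
            parts.append(part)
        elif part is None:
            continue  # summary tables and headers outside a detail block
        elif m := re.fullmatch(r"Type\s*:\s*([0-9A-Fa-f]{2})\b(.*)", line):
            part.type_hex = m.group(1).upper()
            part.tool_flagged = "suspicious" in m.group(2).lower()
        elif m := re.fullmatch(r"(Hidden|Active):\s*(Yes|No)", line):
            setattr(part, m.group(1).lower(), m.group(2) == "Yes")
        elif line.startswith("There is no volume associated"):
            part.no_volume = True
        elif re.match(r"\*?\s*Volume\s+\d+\b", line):
            part.boot_volume = part.boot_volume or line.split()[-1] == "Boot"
    return parts


def triage(parts):
    """Map (disk, partition) -> reasons the entry deserves a closer look."""
    findings = {}
    for p in parts:
        reasons = []
        if p.tool_flagged:
            reasons.append(f"type {p.type_hex} marked suspicious by ListParts")
        if p.active and p.hidden:
            reasons.append("active flag set on a hidden partition")
        if p.active and p.no_volume:
            reasons.append("active partition has no volume")
        # Heuristic for a layout like this one (Windows alone on the disk):
        # the active flag would be expected on the Windows partition. Layouts
        # with a separate system partition legitimately differ.
        if p.active and any(
            o.disk == p.disk and o.boot_volume and not o.active for o in parts
        ):
            reasons.append("active flag is not on the partition holding the boot volume")
        if reasons:
            findings[(p.disk, p.number)] = reasons
    return findings


if __name__ == "__main__":
    for (disk, number), reasons in triage(parse_listparts(SAMPLE_LOG)).items():
        print(f"Disk {disk} Partition {number}:")
        for reason in reasons:
            print(f"  - {reason}")
```
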

#5 narenxp


Posted 18 August 2012 - 02:59 PM

.

Edited by narenxp, 18 August 2012 - 03:12 PM.


#6 OsmanS


Posted 18 August 2012 - 03:11 PM

Thank you! It worked. The rootkit seems to have gone. My computer is much faster and I've tried 10 Google searches without having a redirect. I can't find the logs but I can look for them and post them if you want me to. Thanks so much.

#7 narenxp


Posted 18 August 2012 - 03:13 PM

Great :thumbsup:


Download TDSSKiller

Launch it. Click on Change parameters, then select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#8 OsmanS


Posted 18 August 2012 - 03:15 PM

16:04:48.0640 3724 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
16:04:48.0906 3724 ============================================================
16:04:48.0906 3724 Current date / time: 2012/08/18 16:04:48.0906
16:04:48.0906 3724 SystemInfo:
16:04:48.0906 3724
16:04:48.0906 3724 OS Version: 5.1.2600 ServicePack: 3.0
16:04:48.0906 3724 Product type: Workstation
16:04:48.0906 3724 ComputerName: N-F65537EEA5CC4
16:04:48.0906 3724 UserName: Osman
16:04:48.0906 3724 Windows directory: C:\WINDOWS
16:04:48.0906 3724 System windows directory: C:\WINDOWS
16:04:48.0906 3724 Processor architecture: Intel x86
16:04:48.0906 3724 Number of processors: 1
16:04:48.0906 3724 Page size: 0x1000
16:04:48.0906 3724 Boot type: Normal boot
16:04:48.0906 3724 ============================================================
16:04:51.0390 3724 BG loaded
16:04:52.0125 3724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A4
16:04:52.0156 3724 ============================================================
16:04:52.0156 3724 \Device\Harddisk0\DR0:
16:04:52.0156 3724 MBR partitions:
16:04:52.0156 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
16:04:52.0156 3724 ============================================================
16:04:52.0250 3724 C: <-> \Device\Harddisk0\DR0\Partition1
16:04:52.0250 3724 ============================================================
16:04:52.0250 3724 Initialize success
16:04:52.0250 3724 ============================================================
16:04:56.0578 3872 ============================================================
16:04:56.0578 3872 Scan started
16:04:56.0578 3872 Mode: Manual;
16:04:56.0578 3872 ============================================================
16:05:14.0031 3872 Rdbss - ok
16:05:14.0046 3872 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:05:14.0046 3872 RDPCDD - ok
16:05:14.0093 3872 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:05:14.0093 3872 rdpdr - ok
16:05:14.0156 3872 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:05:14.0156 3872 RDPWD - ok
16:05:14.0203 3872 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:05:14.0218 3872 RDSessMgr - ok
16:05:14.0234 3872 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:05:14.0234 3872 redbook - ok
16:05:14.0265 3872 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:05:14.0281 3872 RemoteAccess - ok
16:05:14.0296 3872 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:05:14.0296 3872 RemoteRegistry - ok
16:05:14.0453 3872 [ f17713d108aca124a139fde877eef68a ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
16:05:14.0453 3872 RimUsb - ok
16:05:14.0484 3872 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
16:05:14.0484 3872 RpcLocator - ok
16:05:14.0562 3872 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:05:14.0578 3872 RpcSs - ok
16:05:14.0609 3872 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:05:14.0609 3872 RSVP - ok
16:05:14.0625 3872 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:05:14.0625 3872 SamSs - ok
16:05:14.0656 3872 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:05:14.0687 3872 SCardSvr - ok
16:05:14.0718 3872 [ 9feb2026a460916d1a1198b460632630 ] SCDEmu C:\WINDOWS\system32\drivers\SCDEmu.sys
16:05:14.0718 3872 SCDEmu - ok
16:05:14.0781 3872 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:05:14.0781 3872 Schedule - ok
16:05:14.0812 3872 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:05:14.0812 3872 Secdrv - ok
16:05:14.0828 3872 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:05:14.0828 3872 seclogon - ok
16:05:14.0953 3872 [ b9c7617c1e8ab6fdff75d3c8dafcb4c8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
16:05:14.0953 3872 senfilt - ok
16:05:14.0968 3872 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
16:05:14.0968 3872 SENS - ok
16:05:15.0000 3872 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:05:15.0000 3872 serenum - ok
16:05:15.0015 3872 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:05:15.0015 3872 Serial - ok
16:05:15.0093 3872 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:05:15.0093 3872 Sfloppy - ok
16:05:15.0156 3872 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:05:15.0156 3872 SharedAccess - ok
16:05:15.0187 3872 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:05:15.0187 3872 ShellHWDetection - ok
16:05:15.0187 3872 Simbad - ok
16:05:15.0656 3872 [ 0f97e7a47a52f4a36969f0fc319654c2 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:05:15.0671 3872 Skype C2C Service - ok
16:05:15.0781 3872 [ ddaa5f4a6b958fc313ebd02dd925752f ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:05:15.0781 3872 SkypeUpdate - ok
16:05:15.0796 3872 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:05:15.0828 3872 SLIP - ok
16:05:15.0875 3872 [ 0066ff77aeb4ae70066f7e94d5a6d866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
16:05:15.0875 3872 smwdm - ok
16:05:15.0890 3872 Sparrow - ok
16:05:15.0906 3872 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:05:15.0921 3872 splitter - ok
16:05:15.0953 3872 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:05:15.0953 3872 Spooler - ok
16:05:16.0015 3872 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:05:16.0015 3872 sr - ok
16:05:16.0093 3872 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:05:16.0093 3872 srservice - ok
16:05:16.0218 3872 [ c16d048faf2978d2121f9f40594a6bdc ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1306020.00A\SRTSP.SYS
16:05:16.0234 3872 SRTSP - ok
16:05:16.0281 3872 [ 0cc3a10f363436c7b478419eb73f8d91 ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1307000.009\SRTSPX.SYS
16:05:16.0281 3872 SRTSPX - ok
16:05:16.0343 3872 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:05:16.0343 3872 Srv - ok
16:05:16.0406 3872 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:05:16.0406 3872 SSDPSRV - ok
16:05:16.0484 3872 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:05:16.0500 3872 stisvc - ok
16:05:16.0515 3872 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:05:16.0531 3872 streamip - ok
16:05:16.0625 3872 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:05:16.0625 3872 swenum - ok
16:05:16.0718 3872 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:05:16.0781 3872 SwitchBoard - ok
16:05:16.0796 3872 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:05:16.0828 3872 swmidi - ok
16:05:16.0843 3872 SwPrv - ok
16:05:16.0859 3872 symc810 - ok
16:05:16.0859 3872 symc8xx - ok
16:05:17.0031 3872 [ 690fa0e61b90084c4d9a721bd4f3d779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1307000.009\SYMDS.SYS
16:05:17.0062 3872 SymDS - ok
16:05:17.0093 3872 [ 4e55148a2e044d02245cbcdbb266b98c ] SymEFA C:\WINDOWS\system32\drivers\NIS\1307000.009\SYMEFA.SYS
16:05:17.0125 3872 SymEFA - ok
16:05:17.0187 3872 [ 555fb450fe6908600310e990738b41d6 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:05:17.0187 3872 SymEvent - ok
16:05:17.0218 3872 [ 2c356cca706505cf63cbe39d532b9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1307000.009\Ironx86.SYS
16:05:17.0234 3872 SymIRON - ok
16:05:17.0312 3872 [ 508bd882040f9cb12319e3a4fc78edb9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1306020.00A\SYMTDI.SYS
16:05:17.0328 3872 SYMTDI - ok
16:05:17.0328 3872 sym_hi - ok
16:05:17.0328 3872 sym_u3 - ok
16:05:17.0359 3872 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:05:17.0359 3872 sysaudio - ok
16:05:17.0406 3872 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:05:17.0406 3872 SysmonLog - ok
16:05:17.0484 3872 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:05:17.0484 3872 TapiSrv - ok
16:05:17.0562 3872 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:05:17.0562 3872 Tcpip - ok
16:05:17.0593 3872 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:05:17.0593 3872 TDPIPE - ok
16:05:17.0609 3872 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:05:17.0625 3872 TDTCP - ok
16:05:17.0640 3872 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:05:17.0640 3872 TermDD - ok
16:05:17.0671 3872 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
16:05:17.0703 3872 TermService - ok
16:05:17.0718 3872 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
16:05:17.0734 3872 Themes - ok
16:05:17.0765 3872 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:05:17.0781 3872 TlntSvr - ok
16:05:17.0781 3872 TosIde - ok
16:05:17.0843 3872 [ 409a577fd5781c717e55a28717514c58 ] TPkd C:\WINDOWS\system32\drivers\TPkd.sys
16:05:17.0843 3872 TPkd - ok
16:05:17.0906 3872 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:05:17.0906 3872 TrkWks - ok
16:05:17.0937 3872 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:05:17.0953 3872 Udfs - ok
16:05:17.0968 3872 ultra - ok
16:05:18.0000 3872 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:05:18.0000 3872 Update - ok
16:05:18.0046 3872 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:05:18.0093 3872 upnphost - ok
16:05:18.0125 3872 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
16:05:18.0125 3872 UPS - ok
16:05:18.0156 3872 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:05:18.0156 3872 usbaudio - ok
16:05:18.0203 3872 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:05:18.0203 3872 usbccgp - ok
16:05:18.0234 3872 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:05:18.0234 3872 usbehci - ok
16:05:18.0265 3872 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:05:18.0265 3872 usbhub - ok
16:05:18.0296 3872 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:05:18.0296 3872 usbprint - ok
16:05:18.0328 3872 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:05:18.0328 3872 usbscan - ok
16:05:18.0343 3872 [ a32426d9b14a089eaa1d922e0c5801a9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:05:18.0343 3872 usbstor - ok
16:05:18.0359 3872 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:05:18.0359 3872 usbuhci - ok
16:05:18.0406 3872 [ 63bbfca7f390f4c49ed4b96bfb1633e0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
16:05:18.0406 3872 usbvideo - ok
16:05:18.0562 3872 [ f123635574be90c614bbf19115242e6f ] VASDeviceDrm C:\WINDOWS\system32\drivers\vasdDev.sys
16:05:18.0593 3872 VASDeviceDrm - ok
16:05:18.0656 3872 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:05:18.0656 3872 VgaSave - ok
16:05:18.0656 3872 ViaIde - ok
16:05:18.0734 3872 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:05:18.0734 3872 VolSnap - ok
16:05:18.0796 3872 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
16:05:18.0812 3872 VSS - ok
16:05:18.0828 3872 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll
16:05:18.0828 3872 W32Time - ok
16:05:18.0859 3872 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:05:18.0859 3872 Wanarp - ok
16:05:18.0859 3872 WDICA - ok
16:05:18.0890 3872 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:05:18.0890 3872 wdmaud - ok
16:05:18.0921 3872 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:05:18.0921 3872 WebClient - ok
16:05:19.0031 3872 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:05:19.0031 3872 winmgmt - ok
16:05:19.0078 3872 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:05:19.0093 3872 WmdmPmSN - ok
16:05:19.0140 3872 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:05:19.0140 3872 Wmi - ok
16:05:19.0171 3872 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:05:19.0187 3872 WmiApSrv - ok
16:05:19.0234 3872 [ cf4def1bf66f06964dc0d91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:05:19.0234 3872 WpdUsb - ok
16:05:19.0343 3872 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:05:19.0343 3872 WPFFontCache_v0400 - ok
16:05:19.0375 3872 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:05:19.0375 3872 WS2IFSL - ok
16:05:19.0437 3872 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:05:19.0437 3872 wscsvc - ok
16:05:19.0468 3872 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:05:19.0468 3872 WSTCODEC - ok
16:05:19.0500 3872 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:05:19.0515 3872 wuauserv - ok
16:05:19.0562 3872 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:05:19.0562 3872 WudfPf - ok
16:05:19.0609 3872 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:05:19.0609 3872 WudfRd - ok
16:05:19.0640 3872 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:05:19.0640 3872 WudfSvc - ok
16:05:19.0703 3872 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:05:19.0734 3872 WZCSVC - ok
16:05:19.0765 3872 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:05:19.0812 3872 xmlprov - ok
16:05:19.0828 3872 ================ Scan global ===============================
16:05:19.0875 3872 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
16:05:19.0921 3872 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
16:05:19.0937 3872 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
16:05:19.0984 3872 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:05:19.0984 3872 [Global] - ok
16:05:19.0984 3872 ================ Scan MBR ==================================
16:05:20.0046 3872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:05:24.0062 3872 Suspicious mbr (NoAccess): \Device\Harddisk0\DR0
16:05:25.0500 3872 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
16:05:25.0500 3872 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
16:05:25.0515 3872 ================ Scan VBR ==================================
16:05:25.0515 3872 Boot (0x1200) (a6df9e3a162105ac8c71a6ec86eb167f) \Device\Harddisk0\DR0\Partition1
16:05:25.0515 3872 \Device\Harddisk0\DR0\Partition1 - ok
16:05:25.0515 3872 ============================================================
16:05:25.0515 3872 Scan finished
16:05:25.0515 3872 ============================================================
16:05:25.0531 3864 Detected object count: 1
16:05:25.0531 3864 Actual detected object count: 1
16:05:44.0843 3864 \Device\Harddisk0\DR0\# - copied to quarantine
16:05:44.0843 3864 \Device\Harddisk0\DR0 - copied to quarantine
16:05:48.0937 3864 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
16:05:48.0953 3864 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
16:05:48.0953 3864 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
16:05:48.0953 3864 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
16:05:48.0953 3864 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
16:05:48.0953 3864 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
16:05:48.0953 3864 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
16:05:49.0015 3864 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
16:05:49.0015 3864 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
16:05:49.0015 3864 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:05:49.0015 3864 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:05:49.0046 3864 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:05:49.0062 3864 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:05:49.0062 3864 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
16:05:49.0062 3864 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
16:05:49.0062 3864 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
16:05:49.0062 3864 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
16:05:49.0078 3864 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
16:05:49.0078 3864 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
16:05:49.0078 3864 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
16:05:49.0140 3864 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
16:05:49.0140 3864 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
16:05:49.0156 3864 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
16:05:49.0156 3864 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
16:05:49.0406 3864 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
16:05:49.0531 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
16:05:49.0531 3864 \Device\Harddisk0\DR0 - ok
16:05:49.0531 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
16:05:59.0515 3708 Deinitialize success

#9 narenxp

Posted 18 August 2012 - 03:16 PM

Restart the PC and run other scans.



