Possible TDSS Bot


  • This topic is locked
6 replies to this topic

#1 sausage


Posted 24 March 2013 - 05:47 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Administrator at 15:41:57 on 2013-03-24
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.996 [GMT -7:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070531
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070531
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0839F0A1-4D68-472A-BBB8-08FA530581CF} - hxxp://ac-cps1/centricityps/Install/MBCINSTaller80.dll
DPF: {1775C736-387B-427C-8BA2-301C387F072D} - hxxp://ac-cps1/centricityps/Install/Centricity06/Centricity06.cab
DPF: {2A381B60-9915-45D3-8DDD-54628BDBF720} - hxxp://ac-cps1/centricityps/Install/CentricityRTE06/CentricityRTE06.cab
DPF: {618A7CC9-B131-468E-99AE-2575D033497F} - hxxp://ac-cps1/centricityps/Install/CPS_2006_Client/CPS_2006_Client.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://gehciits.webex.com/client/T25L/training/ieatgpc.cab
DPF: {E2866480-BB37-4492-B313-CAA3E22128EA} - hxxp://ac-cps1/demo/Install/CPS_2006_Client/CPS_2006_Client.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{B6A2AEA5-F493-4EC6-B311-37E7D5AD37DE} : DHCPNameServer = 192.168.0.1 205.171.2.25
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2013-2-23 439632]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-22 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110810.003\naveng.sys [2011-8-22 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110810.003\navex15.sys [2011-8-22 1576312]
S3 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
.
=============== Created Last 30 ================
.
2013-03-24 02:31:01 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-13 17:09:46 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-13 17:09:46 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-02-23 17:54:57 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2013-02-23 17:44:49 -------- d-----w- c:\program files\WinPcap
2013-02-23 17:44:36 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M  ====================
.
2013-03-24 02:35:33 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-06 05:34:35 6009856 ------w- c:\windows\system32\SET2DD.tmp
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 15:42:47.79 ===============



#2 gringo_pr

  • Malware Response Team

Posted 24 March 2013 - 06:01 PM


Hello sausage



These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-RogueKiller-
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete".
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller.

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sausage


Posted 27 March 2013 - 10:02 PM

Hello!

 

Sorry for the delay. As this is not my computer, I have limited access to it, and replies will take a bit longer.

 

I will be running AdwCleaner after I post this, but as it takes a while and I may not be able to use this computer for a little while, I figure you should have these logs to look over until I get a chance to get you the AdwCleaner log.

 

checkup.txt:

 

 

 Results of screen317's Security Check version 0.99.61  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 24  
 Java™ 6 Update 2  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Symantec AntiVirus DefWatch.exe   
 Symantec AntiVirus SavRoam.exe   
 Symantec AntiVirus Rtvscan.exe   
 Trend Micro RUBotted RUBotSrv.exe  
 Trend Micro RUBotted RUBottedGUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 10% 
````````````````````End of Log`````````````````````` 
 
RKReport[1]_D_03272013_02d1953.txt
 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 03/27/2013 19:53:20
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x89C6DA50)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x89AAB230)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x89C9EA78)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x89C57C30)
SSDT[43] : NtCreateMutant @ 0x80617718 -> HOOKED (Unknown @ 0x89CF2AC0)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89C30560)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x89C7DCD0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x89CD67A0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x89CC5C80)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x89CC5288)
SSDT[114] : NtOpenEvent @ 0x8060F0D6 -> HOOKED (Unknown @ 0x89CD66A0)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x89CB5570)
SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x8A72DCC0)
SSDT[177] : NtQueryValueKey @ 0x80622384 -> HOOKED (Unknown @ 0x89CB8AF0)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x89D31880)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x89C0FD80)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x89D56620)
SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x89C7E550)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x89CD7008)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x89C786D8)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89CC8F68)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x89C71968)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x89C6E2C0)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89CBF920)
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST3808110AS +++++
--- User ---
[MBR] 21a077493bb434797a4ffe95c779f879
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 76230 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[4]_D_03272013_02d1953.txt >>
RKreport[1]_S_03232013_02d1744.txt ; RKreport[2]_D_03232013_02d1745.txt ; RKreport[3]_S_03272013_02d1952.txt ; RKreport[4]_D_03272013_02d1953.txt
 
Also, I know I'm not supposed to run anything before you tell me, but I ran TDSSKiller to see if it would find anything, with no intention of deleting anything.  I left while it scanned and I guess my mother cured the threat it found:
 

17:48:01.0765 2716  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:48:02.0187 2716  ============================================================
17:48:02.0187 2716  Current date / time: 2013/03/23 17:48:02.0187
17:48:02.0187 2716  SystemInfo:
17:48:02.0187 2716  
17:48:02.0187 2716  OS Version: 5.1.2600 ServicePack: 3.0
17:48:02.0187 2716  Product type: Workstation
17:48:02.0187 2716  ComputerName: WK-08
17:48:02.0187 2716  UserName: Administrator
17:48:02.0187 2716  Windows directory: C:\WINDOWS
17:48:02.0187 2716  System windows directory: C:\WINDOWS
17:48:02.0187 2716  Processor architecture: Intel x86
17:48:02.0187 2716  Number of processors: 2
17:48:02.0187 2716  Page size: 0x1000
17:48:02.0187 2716  Boot type: Normal boot
17:48:02.0187 2716  ============================================================
17:48:02.0687 2716  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:48:02.0687 2716  ============================================================
17:48:02.0687 2716  \Device\Harddisk0\DR0:
17:48:02.0687 2716  MBR partitions:
17:48:02.0687 2716  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x94E3276
17:48:02.0687 2716  ============================================================
17:48:02.0718 2716  C: <-> \Device\Harddisk0\DR0\Partition1
17:48:02.0718 2716  ============================================================
17:48:02.0718 2716  Initialize success
17:48:02.0718 2716  ============================================================
17:48:03.0703 3264  ============================================================
17:48:03.0703 3264  Scan started
17:48:03.0703 3264  Mode: Manual; 
17:48:03.0703 3264  ============================================================
17:48:04.0234 3264  ================ Scan system memory ========================
17:48:05.0562 3264  System memory - ok
17:48:05.0562 3264  ================ Scan services =============================
17:48:08.0703 3264  HTTPFilter - ok
17:48:08.0734 3264  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
17:48:08.0734 3264  i2omgmt - ok
17:48:08.0765 3264  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:48:08.0765 3264  i2omp - ok
17:48:08.0781 3264  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:48:08.0781 3264  i8042prt - ok
17:48:08.0859 3264  [ B122BE74E283A2BC7FEBC180BFD2EFD5 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
17:48:08.0859 3264  IAANTMON - ok
17:48:08.0875 3264  [ 019CF5F31C67030841233C545A0E217A ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
17:48:08.0875 3264  iaStor - ok
17:48:08.0968 3264  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:48:08.0968 3264  IDriverT - ok
17:48:09.0000 3264  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:48:09.0000 3264  Imapi - ok
17:48:09.0031 3264  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:48:09.0046 3264  ImapiService - ok
17:48:09.0078 3264  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:48:09.0078 3264  ini910u - ok
17:48:09.0093 3264  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
17:48:09.0093 3264  IntelIde - ok
17:48:09.0140 3264  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:48:09.0140 3264  intelppm - ok
17:48:09.0156 3264  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
17:48:09.0156 3264  Ip6Fw - ok
17:48:09.0187 3264  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:48:09.0187 3264  IpFilterDriver - ok
17:48:09.0203 3264  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:48:09.0203 3264  IpInIp - ok
17:48:09.0234 3264  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:48:09.0234 3264  IpNat - ok
17:48:09.0250 3264  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:48:09.0250 3264  IPSec - ok
17:48:09.0265 3264  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:48:09.0265 3264  IRENUM - ok
17:48:09.0281 3264  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:48:09.0281 3264  isapnp - ok
17:48:09.0406 3264  [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
17:48:09.0406 3264  JavaQuickStarterService - ok
17:48:09.0437 3264  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:48:09.0437 3264  Kbdclass - ok
17:48:09.0437 3264  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:48:09.0437 3264  kbdhid - ok
17:48:09.0453 3264  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:48:09.0468 3264  kmixer - ok
17:48:09.0484 3264  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:48:09.0484 3264  KSecDD - ok
17:48:09.0531 3264  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
17:48:09.0531 3264  lanmanserver - ok
17:48:09.0578 3264  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:48:09.0593 3264  lanmanworkstation - ok
17:48:09.0593 3264  lbrtfdc - ok
17:48:09.0703 3264  [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
17:48:09.0718 3264  LiveUpdate - ok
17:48:09.0765 3264  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:48:09.0765 3264  LmHosts - ok
17:48:09.0812 3264  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:48:09.0812 3264  MDM - ok
17:48:09.0843 3264  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:48:09.0843 3264  Messenger - ok
17:48:09.0890 3264  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:48:09.0890 3264  mnmdd - ok
17:48:09.0921 3264  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
17:48:09.0921 3264  mnmsrvc - ok
17:48:09.0937 3264  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:48:09.0937 3264  Modem - ok
17:48:09.0968 3264  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:48:09.0968 3264  Mouclass - ok
17:48:10.0000 3264  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:48:10.0000 3264  mouhid - ok
17:48:10.0015 3264  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:48:10.0015 3264  MountMgr - ok
17:48:10.0062 3264  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:48:10.0062 3264  mraid35x - ok
17:48:10.0062 3264  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:48:10.0062 3264  MRxDAV - ok
17:48:10.0109 3264  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:48:10.0125 3264  MRxSmb - ok
17:48:10.0156 3264  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
17:48:10.0156 3264  MSDTC - ok
17:48:10.0156 3264  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:48:10.0156 3264  Msfs - ok
17:48:10.0171 3264  MSIServer - ok
17:48:10.0187 3264  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:48:10.0187 3264  MSKSSRV - ok
17:48:10.0203 3264  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:48:10.0203 3264  MSPCLOCK - ok
17:48:10.0203 3264  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:48:10.0203 3264  MSPQM - ok
17:48:10.0234 3264  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:48:10.0234 3264  mssmbios - ok
17:48:10.0265 3264  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:48:10.0265 3264  Mup - ok
17:48:10.0296 3264  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:48:10.0328 3264  napagent - ok
17:48:10.0421 3264  [ 862F55824AC81295837B0AB63F91071F ] NAVENG          C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110810.003\naveng.sys
17:48:10.0421 3264  NAVENG - ok
17:48:10.0468 3264  [ 529D571B551CB9DA44237389B936F1AE ] NAVEX15         C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110810.003\navex15.sys
17:48:10.0484 3264  NAVEX15 - ok
17:48:10.0515 3264  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:48:10.0515 3264  NDIS - ok
17:48:10.0562 3264  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:48:10.0562 3264  NdisTapi - ok
17:48:10.0609 3264  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:48:10.0609 3264  Ndisuio - ok
17:48:10.0625 3264  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:48:10.0625 3264  NdisWan - ok
17:48:10.0656 3264  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:48:10.0656 3264  NDProxy - ok
17:48:10.0671 3264  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:48:10.0671 3264  NetBIOS - ok
17:48:10.0687 3264  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:48:10.0687 3264  NetBT - ok
17:48:10.0734 3264  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:48:10.0734 3264  NetDDE - ok
17:48:10.0734 3264  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:48:10.0734 3264  NetDDEdsdm - ok
17:48:10.0781 3264  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:48:10.0781 3264  Netlogon - ok
17:48:10.0796 3264  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
17:48:10.0796 3264  Netman - ok
17:48:10.0843 3264  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:48:10.0859 3264  Nla - ok
17:48:10.0890 3264  [ B9730495E0CF674680121E34BD95A73B ] NPF             C:\WINDOWS\system32\drivers\npf.sys
17:48:10.0890 3264  NPF - ok
17:48:10.0906 3264  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:48:10.0906 3264  Npfs - ok
17:48:10.0921 3264  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:48:10.0937 3264  Ntfs - ok
17:48:10.0937 3264  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:48:10.0937 3264  NtLmSsp - ok
17:48:10.0968 3264  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:48:10.0984 3264  NtmsSvc - ok
17:48:11.0015 3264  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:48:11.0015 3264  Null - ok
17:48:11.0250 3264  [ 5A6469D861970151E687FB76E10BBB3A ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:48:11.0296 3264  nv - ok
17:48:11.0312 3264  [ E170979EBDD54B80695D4C994797CB0F ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
17:48:11.0328 3264  NVSvc - ok
17:48:11.0359 3264  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:48:11.0359 3264  NwlnkFlt - ok
17:48:11.0375 3264  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:48:11.0375 3264  NwlnkFwd - ok
17:48:11.0406 3264  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:48:11.0406 3264  ose - ok
17:48:11.0421 3264  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
17:48:11.0421 3264  Parport - ok
17:48:11.0453 3264  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:48:11.0453 3264  PartMgr - ok
17:48:11.0484 3264  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:48:11.0484 3264  ParVdm - ok
17:48:11.0484 3264  [ 4C771448E78C9026523FD468D58AFED4 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:48:11.0484 3264  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 4C771448E78C9026523FD468D58AFED4, Fake md5: 8086D9979234B603AD5BC2F5D890B234
17:48:11.0484 3264  PCI ( Rootkit.Win32.TDSS.tdl3 ) - infected
17:48:11.0484 3264  PCI - detected Rootkit.Win32.TDSS.tdl3 (0)
17:48:15.0359 3264  ================ Scan global ===============================
17:48:15.0406 3264  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:48:15.0453 3264  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:48:15.0468 3264  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:48:15.0515 3264  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:48:15.0515 3264  [Global] - ok
17:48:15.0515 3264  ================ Scan MBR ==================================
17:48:15.0531 3264  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:48:15.0703 3264  \Device\Harddisk0\DR0 - ok
17:48:15.0703 3264  ================ Scan VBR ==================================
17:48:15.0703 3264  [ 0CF212CE3558E3C544BC2EE86BE24DD2 ] \Device\Harddisk0\DR0\Partition1
17:48:15.0703 3264  \Device\Harddisk0\DR0\Partition1 - ok
17:48:15.0703 3264  ============================================================
17:48:15.0703 3264  Scan finished
17:48:15.0703 3264  ============================================================
17:48:15.0718 3216  Detected object count: 1
17:48:15.0718 3216  Actual detected object count: 1
19:31:01.0781 3216  C:\WINDOWS\system32\DRIVERS\pci.sys - copied to quarantine
19:31:02.0031 3216  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
19:31:02.0046 3216  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
19:31:02.0046 3216  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:31:02.0046 3216  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:31:02.0093 3216  \Device\Harddisk0\DR0\TDLFS\clc.dll - copied to quarantine
19:31:02.0109 3216  \Device\Harddisk0\DR0\TDLFS\module.dll - copied to quarantine
19:31:03.0437 3216  Backup copy found, using it..
19:31:03.0468 3216  C:\WINDOWS\system32\DRIVERS\pci.sys - will be cured on reboot
19:31:03.0468 3216  PCI ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure 
19:34:54.0359 1376  Deinitialize success

17:48:01.0765 2716  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:48:02.0187 2716  ============================================================
17:48:02.0187 2716  Current date / time: 2013/03/23 17:48:02.0187
17:48:02.0187 2716  SystemInfo:
17:48:02.0187 2716  
17:48:02.0187 2716  OS Version: 5.1.2600 ServicePack: 3.0
17:48:02.0187 2716  Product type: Workstation
17:48:02.0187 2716  ComputerName: WK-08
17:48:02.0187 2716  UserName: Administrator
17:48:02.0187 2716  Windows directory: C:\WINDOWS
17:48:02.0187 2716  System windows directory: C:\WINDOWS
17:48:02.0187 2716  Processor architecture: Intel x86
17:48:02.0187 2716  Number of processors: 2
17:48:02.0187 2716  Page size: 0x1000
17:48:02.0187 2716  Boot type: Normal boot
17:48:02.0187 2716  ============================================================
17:48:02.0687 2716  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:48:02.0687 2716  ============================================================
17:48:02.0687 2716  \Device\Harddisk0\DR0:
17:48:02.0687 2716  MBR partitions:
17:48:02.0687 2716  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x94E3276
17:48:02.0687 2716  ============================================================
17:48:02.0718 2716  C: <-> \Device\Harddisk0\DR0\Partition1
17:48:02.0718 2716  ============================================================
17:48:02.0718 2716  Initialize success
17:48:02.0718 2716  ============================================================
17:48:03.0703 3264  ============================================================
17:48:03.0703 3264  Scan started
17:48:03.0703 3264  Mode: Manual; 
17:48:03.0703 3264  ============================================================
17:48:04.0234 3264  ================ Scan system memory ========================
17:48:05.0562 3264  System memory - ok
17:48:05.0562 3264  ================ Scan services =============================
17:48:11.0484 3264  [ 4C771448E78C9026523FD468D58AFED4 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:48:11.0484 3264  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 4C771448E78C9026523FD468D58AFED4, Fake md5: 8086D9979234B603AD5BC2F5D890B234
17:48:11.0484 3264  PCI ( Rootkit.Win32.TDSS.tdl3 ) - infected
17:48:11.0484 3264  PCI - detected Rootkit.Win32.TDSS.tdl3 (0)
17:48:12.0750 3264  Secdrv - ok
17:48:12.0781 3264  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:48:12.0781 3264  seclogon - ok
17:48:12.0828 3264  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
17:48:12.0828 3264  SENS - ok
17:48:12.0859 3264  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:48:12.0859 3264  serenum - ok
17:48:12.0875 3264  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:48:12.0875 3264  Serial - ok
17:48:12.0875 3264  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:48:12.0875 3264  Sfloppy - ok
17:48:12.0921 3264  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:48:12.0937 3264  SharedAccess - ok
17:48:12.0968 3264  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:48:12.0968 3264  ShellHWDetection - ok
17:48:12.0984 3264  Simbad - ok
17:48:13.0015 3264  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:48:13.0015 3264  sisagp - ok
17:48:13.0031 3264  [ A16722715D3206AB7E1A6463CE0B747E ] SNDSrvc         C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
17:48:13.0031 3264  SNDSrvc - ok
17:48:13.0062 3264  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:48:13.0062 3264  Sparrow - ok
17:48:13.0125 3264  [ EF9760A364D836A0CE6149EBDF71524D ] SPBBCDrv        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:48:13.0125 3264  SPBBCDrv - ok
17:48:13.0171 3264  [ 0A6BCAB3BB4AD9D25E833FB3F840CAE0 ] SPBBCSvc        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
17:48:13.0171 3264  SPBBCSvc - ok
17:48:13.0203 3264  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:48:13.0203 3264  splitter - ok
17:48:13.0250 3264  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:48:13.0265 3264  Spooler - ok
17:48:13.0296 3264  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:48:13.0296 3264  sr - ok
17:48:13.0343 3264  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:48:13.0343 3264  srservice - ok
17:48:13.0406 3264  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:48:13.0421 3264  Srv - ok
17:48:13.0437 3264  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:48:13.0453 3264  SSDPSRV - ok
17:48:13.0515 3264  [ 797FCC1D859B203958E915BB82528DA9 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
17:48:13.0531 3264  STHDA - ok
17:48:13.0562 3264  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:48:13.0562 3264  stisvc - ok
17:48:13.0609 3264  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:48:13.0609 3264  swenum - ok
17:48:13.0625 3264  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:48:13.0625 3264  swmidi - ok
17:48:13.0625 3264  SwPrv - ok
17:48:13.0718 3264  [ 0023CC5610B9C48CF68571DEE4C686FC ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
17:48:13.0734 3264  Symantec AntiVirus - ok
17:48:13.0750 3264  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
17:48:13.0750 3264  symc810 - ok
17:48:13.0765 3264  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:48:13.0765 3264  symc8xx - ok
17:48:13.0796 3264  [ 49B20B430A4F219173F823536944474A ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:48:13.0796 3264  SymEvent - ok
17:48:13.0828 3264  [ 626F733BE7F951116C5C0804B068666C ] SYMREDRV        C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
17:48:13.0828 3264  SYMREDRV - ok
17:48:13.0843 3264  [ CB7CC4DDBE09E224D4CD876760BA982C ] SYMTDI          C:\WINDOWS\System32\Drivers\SYMTDI.SYS
17:48:13.0843 3264  SYMTDI - ok
17:48:13.0875 3264  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:48:13.0875 3264  sym_hi - ok
17:48:13.0875 3264  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:48:13.0875 3264  sym_u3 - ok
17:48:13.0906 3264  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:48:13.0906 3264  sysaudio - ok
17:48:13.0937 3264  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:48:13.0937 3264  SysmonLog - ok
17:48:13.0968 3264  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:48:13.0984 3264  TapiSrv - ok
17:48:14.0031 3264  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:48:14.0031 3264  Tcpip - ok
17:48:14.0062 3264  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:48:14.0062 3264  TDPIPE - ok
17:48:14.0093 3264  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:48:14.0093 3264  TDTCP - ok
17:48:14.0109 3264  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:48:14.0109 3264  TermDD - ok
17:48:14.0125 3264  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
17:48:14.0156 3264  TermService - ok
17:48:14.0171 3264  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:48:14.0171 3264  Themes - ok
17:48:14.0203 3264  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:48:14.0203 3264  TlntSvr - ok
17:48:14.0218 3264  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
17:48:14.0218 3264  TosIde - ok
17:48:14.0234 3264  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:48:14.0250 3264  TrkWks - ok
17:48:14.0281 3264  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:48:14.0281 3264  Udfs - ok
17:48:14.0281 3264  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
17:48:14.0296 3264  ultra - ok
17:48:14.0328 3264  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:48:14.0328 3264  Update - ok
17:48:14.0359 3264  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:48:14.0359 3264  upnphost - ok
17:48:14.0375 3264  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
17:48:14.0375 3264  UPS - ok
17:48:14.0390 3264  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
17:48:14.0390 3264  usbaudio - ok
17:48:14.0421 3264  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:48:14.0421 3264  usbccgp - ok
17:48:14.0437 3264  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:48:14.0437 3264  usbehci - ok
17:48:14.0453 3264  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:48:14.0453 3264  usbhub - ok
17:48:14.0468 3264  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:48:14.0468 3264  USBSTOR - ok
17:48:14.0500 3264  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:48:14.0500 3264  usbuhci - ok
17:48:14.0500 3264  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:48:14.0500 3264  VgaSave - ok
17:48:14.0515 3264  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:48:14.0515 3264  viaagp - ok
17:48:14.0546 3264  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
17:48:14.0562 3264  ViaIde - ok
17:48:14.0593 3264  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:48:14.0593 3264  VolSnap - ok
17:48:14.0625 3264  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
17:48:14.0625 3264  VSS - ok
17:48:14.0656 3264  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
17:48:14.0656 3264  w32time - ok
17:48:14.0703 3264  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:48:14.0703 3264  Wanarp - ok
17:48:14.0703 3264  WDICA - ok
17:48:14.0750 3264  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:48:14.0750 3264  wdmaud - ok
17:48:14.0765 3264  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:48:14.0781 3264  WebClient - ok
17:48:14.0843 3264  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:48:14.0859 3264  winmgmt - ok
17:48:14.0875 3264  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:48:14.0890 3264  WmdmPmSN - ok
17:48:14.0921 3264  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:48:14.0937 3264  Wmi - ok
17:48:14.0953 3264  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:48:14.0968 3264  WmiApSrv - ok
17:48:15.0031 3264  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
17:48:15.0031 3264  WMPNetworkSvc - ok
17:48:15.0046 3264  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:48:15.0078 3264  wscsvc - ok
17:48:15.0109 3264  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:48:15.0109 3264  wuauserv - ok
17:48:15.0140 3264  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:48:15.0140 3264  WudfPf - ok
17:48:15.0156 3264  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:48:15.0156 3264  WudfRd - ok
17:48:15.0187 3264  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:48:15.0187 3264  WudfSvc - ok
17:48:15.0234 3264  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:48:15.0250 3264  WZCSVC - ok
17:48:15.0265 3264  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:48:15.0265 3264  xmlprov - ok
17:48:15.0359 3264  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:48:15.0359 3264  YahooAUService - ok
17:48:15.0359 3264  ================ Scan global ===============================
17:48:15.0406 3264  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:48:15.0453 3264  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:48:15.0468 3264  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:48:15.0515 3264  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:48:15.0515 3264  [Global] - ok
17:48:15.0515 3264  ================ Scan MBR ==================================
17:48:15.0531 3264  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:48:15.0703 3264  \Device\Harddisk0\DR0 - ok
17:48:15.0703 3264  ================ Scan VBR ==================================
17:48:15.0703 3264  [ 0CF212CE3558E3C544BC2EE86BE24DD2 ] \Device\Harddisk0\DR0\Partition1
17:48:15.0703 3264  \Device\Harddisk0\DR0\Partition1 - ok
17:48:15.0703 3264  ============================================================
17:48:15.0703 3264  Scan finished
17:48:15.0703 3264  ============================================================
17:48:15.0718 3216  Detected object count: 1
17:48:15.0718 3216  Actual detected object count: 1
19:31:01.0781 3216  C:\WINDOWS\system32\DRIVERS\pci.sys - copied to quarantine
19:31:02.0031 3216  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
19:31:02.0046 3216  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
19:31:02.0046 3216  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:31:02.0046 3216  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:31:02.0093 3216  \Device\Harddisk0\DR0\TDLFS\clc.dll - copied to quarantine
19:31:02.0109 3216  \Device\Harddisk0\DR0\TDLFS\module.dll - copied to quarantine
19:31:03.0437 3216  Backup copy found, using it..
19:31:03.0468 3216  C:\WINDOWS\system32\DRIVERS\pci.sys - will be cured on reboot
19:31:03.0468 3216  PCI ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure 
19:34:54.0359 1376  Deinitialize success
 
Unfortunately, this scan was run at around 7pm on 3/23, and according to CenturyLink, the bug was active on 3/24, though that may just be a time difference, I don't know for sure.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:06 AM

Posted 27 March 2013 - 10:19 PM

Hello sausage


I don't know about the time difference, but that is the one we are looking for. We will run it again in a little while to be sure it is gone.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 27 March 2013 - 10:19 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

Posted 30 March 2013 - 01:41 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#6 gringo_pr

Posted 03 April 2013 - 10:06 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



#7 gringo_pr

Posted 06 April 2013 - 01:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



