Solved Help computer infected! log files requested in sticky are pasted

jestein

Hi, this is my first time requesting assistance from the users and mods of TechSpot. I appreciate all help given. My computer has been acting slow and is infected with a trojan that Malwarebytes has detected but has been unable to remove successfully. Thanks in advance for your assistance in cleaning up my computer.

MBAM LOG:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Admin :: LINDSAY-PC [administrator]

Protection: Enabled

9/25/2012 9:43:19 PM
mbam-log-2012-09-25 (22-11-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252473
Time elapsed: 17 minute(s), 58 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2604 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

GMER LOG:

GMER did not find any modifications and did not produce a log

DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_35
Run by Admin at 22:36:31 on 2012-09-25
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.571 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\mqsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Sophos\Encryption\BLService.exe
C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFBA.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe
C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe
C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Users\Admin\Downloads\rm0srrso.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: jcatsdefender.com\caaoc
Trusted Zone: jcatsdefender.com\traincaaoc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
R2 MSSQL$SOPHOS;SQL Server (SOPHOS);C:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-9-17 57966424]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-11-29 36864]
R2 SGNBusinessLogicService;Sophos Encryption Business Logic Service;C:\Program Files (x86)\Sophos\Encryption\BLService.exe [2012-4-29 12800]
R2 Sophos Agent;Sophos Agent;C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe [2011-10-18 282624]
R2 Sophos Certification Manager;Sophos Certification Manager;C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
R2 Sophos Management Service;Sophos Management Service;C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe [2012-4-27 5839872]
R2 Sophos Message Router;Sophos Message Router;C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe [2011-10-18 806912]
R2 SophosManagementHostService;Sophos Management Host;C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe [2012-4-27 9728]
R2 SophosPatchEndpointCommunicator;Sophos Patch Endpoint Communicator;C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe [2012-4-27 151064]
R2 SophosPatchOrchestratorService;Sophos Patch Endpoint Orchestrator;C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe [2012-4-27 19992]
R2 SophosPatchServerCommunicator;Sophos Patch Server Communicator;C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe [2012-4-27 61464]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 250288]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-9-19 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);C:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
.
=============== Created Last 30 ================
.
4103-10-08 07:18:11 -------- d-----w- C:\Windows\pss
2099-10-22 12:04:31 -------- d-----w- C:\Program Files\iPod
2099-10-22 12:04:30 -------- d-----w- C:\Program Files\iTunes
2099-10-22 12:04:30 -------- d-----w- C:\Program Files (x86)\iTunes
2099-10-22 12:03:17 -------- d-----w- C:\Program Files\Bonjour
2099-10-22 12:03:17 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-09-26 03:35:10 20480 ----a-w- C:\Windows\svchost.exe
2012-09-17 00:53:24 -------- d-----w- C:\ProgramData\Utimaco
2012-09-17 00:53:24 -------- d-----w- C:\Program Files (x86)\Sophos
2012-09-17 00:53:24 -------- d-----w- C:\Program Files (x86)\Common Files\Business Objects
2012-09-17 00:52:22 -------- d-----w- C:\Program Files\Sophos
2012-09-17 00:50:19 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50:19 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50:07 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:50:07 108376 ----a-w- C:\Windows\System32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:49:25 -------- d-----w- C:\Windows\System32\RsFx
2012-09-17 00:48:41 -------- d-----w- C:\Windows\SysWow64\1033
2012-09-17 00:48:41 -------- d-----w- C:\Windows\System32\1033
2012-09-17 00:46:45 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-09-17 00:45:56 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-09-17 00:43:28 -------- d-----w- C:\Windows\System32\msmq
2012-09-17 00:42:37 -------- d-----w- C:\Program Files (x86)\Business Objects
2012-09-17 00:40:02 -------- d-----w- C:\ProgramData\Sophos
2012-09-17 00:39:20 -------- d-----w- C:\sec_51
2012-09-13 03:35:02 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-13 03:32:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-09-13 03:31:27 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-09-13 03:30:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-09-13 03:30:59 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-09-13 03:26:35 -------- d-----w- C:\ProgramData\!SASCORE
2012-09-13 03:22:50 -------- d-----w- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-13 02:46:26 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-08-30 16:33:03 -------- d-----w- C:\Users\Admin\AppData\Local\Apple
2012-08-30 07:22:02 -------- d-----w- C:\Program Files (x86)\MSECache
2012-08-30 07:13:26 -------- d-----w- C:\Program Files (x86)\Investintech.com Inc
2012-08-30 05:04:49 -------- d-----w- C:\Users\Admin\AppData\Local\Adobe
2012-08-30 04:57:58 -------- d-----w- C:\Users\Admin\AppData\Local\Macromedia
2012-08-30 04:57:40 -------- d-----w- C:\Users\Admin\AppData\Local\Mozilla
.
==================== Find3M ====================
.
2012-09-21 08:12:52 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 08:12:52 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-13 03:34:46 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-08 00:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 22:37:02.43 ===============

DDS ATTACH LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2010 10:01:50 AM
System Uptime: 9/25/2012 8:49:46 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A78T-E
Processor: AMD Athlon(tm) II X4 630 Processor | AM3 | 2809/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 541 GiB total, 445.147 GiB free.
D: is FIXED (NTFS) - 391 GiB total, 369.847 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP1: 11/29/2010 9:13:45 AM - Installed REALTEK PCIE Wireless LAN Driver
RP2: 11/29/2010 9:21:49 AM - Installed REALTEK PCIE Wireless LAN Driver
RP56: 9/12/2012 7:28:41 PM - Installed Rosetta Stone V3.
RP57: 9/12/2012 7:31:12 PM - Installed Rosetta Stone V3.
RP58: 9/12/2012 7:32:04 PM - Installed Rosetta Stone V3.
RP59: 9/12/2012 7:32:56 PM - Installed Rosetta Stone V3.
RP60: 9/12/2012 7:44:42 PM - Installed Rosetta Stone V3.
RP61: 9/12/2012 8:16:57 PM - Installed Rosetta Stone V3.
RP62: 9/12/2012 8:30:32 PM - Windows Update
RP63: 9/12/2012 8:33:45 PM - Installed Java(TM) 6 Update 35
RP64: 9/12/2012 9:43:33 PM - Installed Rosetta Stone V3.
RP65: 9/12/2012 9:50:27 PM - Installed Rosetta Stone V3.
RP66: 9/12/2012 9:51:55 PM - Installed Rosetta Stone V3.
RP67: 9/12/2012 9:56:10 PM - Installed Rosetta Stone V3.
RP68: 9/16/2012 5:42:59 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
7-Zip 9.20
Able2Extract 7.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.1
AIM 7
Apple Application Support
Apple Software Update
BitComet 1.11
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Download Updater (AOL LLC)
Epson CreativeZone
Epson Easy Photo Print 2
Epson Event Manager
EPSON Scan
Evernote v. 4.5.3
Fallout 3
Freecorder 5
Full Tilt Poker
Java Auto Updater
Java(TM) 6 Update 35
Jcats AOC
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft SQL Server 2008 Browser
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 10.0.2 (x86 en-US)
Oblivion
Photodex Presenter
PHOTOfunSTUDIO 5.0
PokerStars
PostgreSQL 8.4
PowerISO
QuickTime
REALTEK Wireless LAN Driver and Utility
SitNGo Wizard
TableNinja
Virtual DJ Pro Full - Atomix Productions
Visual Studio 2008 x64 Redistributables
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/25/2012 8:51:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nSU service.
9/25/2012 8:50:17 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
9/25/2012 8:50:15 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/25/2012 8:50:14 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
9/25/2012 8:34:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000004a8000000e0, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a54995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092512-28126-01.
9/25/2012 8:16:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002d72fea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092512-26629-01.
9/25/2012 10:36:07 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
11/8/2099 11:09:07 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JESTEIN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C2E68E71-4D89-4571-ADDE-07B7D237543A}. The master browser is stopping or an election is being forced.
11/8/2099 10:57:02 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.8. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.
11/17/2099 11:43:00 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.4 with the system having network hardware address 00-26-B0-28-F4-41. Network operations on this system may be disrupted as a result.
10/22/2099 5:04:34 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
10/22/2099 5:03:34 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/22/2099 5:03:23 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/10/2099 5:38:46 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C2E68E71-4D89-4571-ADDE-07B7D237543A} because another computer on the network has the same name. The server could not start.
10/10/2099 5:38:46 PM, Error: NetBT [4321] - The name "LINDSAY-PC :20" could not be registered on the interface with IP address 192.168.1.9. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
10/10/2099 5:38:46 PM, Error: NetBT [4321] - The name "LINDSAY-PC :0" could not be registered on the interface with IP address 192.168.1.9. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
 
MBAM LOG (after action taken to fix):

NOTE: I've rebooted before, but the trojan is never removed.


Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Admin :: LINDSAY-PC [administrator]

Protection: Disabled

9/25/2012 9:43:19 PM
mbam-log-2012-09-25 (21-43-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252473
Time elapsed: 17 minute(s), 58 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2604 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
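The security-relevant detail in the logs above is the path: the flagged svchost.exe sits directly in C:\Windows, while the genuine one loads from C:\Windows\System32 (or SysWOW64 for 32-bit hosts). As an added example, not a tool from this thread, the Python below applies that path check to a DDS-style "Running Processes" list and parses Malwarebytes detection lines to list hits that were never actually removed; the directory allowlist and the sample log lines are assumptions constructed from the thread.

```python
"""Path-sanity check for Windows core processes plus a parser for
Malwarebytes detection lines. Added example for this thread; the
directory allowlist and the sample lines are constructed, not from a tool."""
import re
from pathlib import PureWindowsPath

# Core binaries and the only directories they should load from (lower-cased).
# A copy anywhere else, such as C:\Windows\svchost.exe in the MBAM log above,
# deserves a look: the real svchost.exe lives in System32 (and SysWOW64).
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe":    {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},  # legitimately one level up
}

# A DDS "Running Processes" line: image path, optionally followed by arguments.
PROCESS_LINE = re.compile(r"^\s*([A-Za-z]:\\.+?\.exe)\b", re.IGNORECASE)

# A Malwarebytes detection line, e.g.
#   C:\Windows\svchost.exe (Trojan.Agent) -> 2604 -> No action taken.
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+\((?P<threat>[^)]+)\)"
    r"(?:\s+->\s+(?P<pid>\d+))?\s+->\s+(?P<action>.+?)\.?$"
)


def check_process_path(image_path):
    """Return (name, directory) if a core binary runs from an unexpected place."""
    p = PureWindowsPath(image_path)
    name = p.name.lower()
    if name not in EXPECTED_DIRS:
        return None  # not a binary we have an expectation for
    if str(p.parent).lower() in EXPECTED_DIRS[name]:
        return None  # where it belongs
    return (p.name, str(p.parent))


def scan_process_list(text):
    """Apply check_process_path to every image path in a DDS process list."""
    findings = []
    for line in text.splitlines():
        m = PROCESS_LINE.match(line)
        if m:
            finding = check_process_path(m.group(1))
            if finding:
                findings.append(finding)
    return findings


def parse_mbam_detections(text):
    """Parse MBAM detection lines into dicts (path, threat, pid, action)."""
    out = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"]) if d["pid"] else None
            out.append(d)
    return out


def unremediated(detections):
    """Detections whose recorded action removed nothing yet. 'No action taken'
    means Remove was never clicked; 'Delete on reboot' is only a promise, so
    it stays on the list until a clean rescan after the reboot confirms it."""
    return [d for d in detections
            if d["action"].lower() in {"no action taken", "delete on reboot"}]


# Constructed samples modelled on the DDS and MBAM logs in the thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\svchost.exe
-netsvcs
C:\Users\Admin\Downloads\rm0srrso.exe
"""
SAMPLE_MBAM = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2604 -> No action taken.
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
"""

if __name__ == "__main__":
    for name, where in scan_process_list(SAMPLE_DDS):
        print(f"PATH: {name} running from {where}")
    for d in unremediated(parse_mbam_detections(SAMPLE_MBAM)):
        print(f"OPEN: {d['path']} ({d['threat']}) -> {d['action']}")
```

The allowlist is deliberately small; on a real host, pair the path check with a signature check of the flagged file rather than treating an unlisted location as proof of infection.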
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
I think this is what you're looking for. Let me know if it isn't:

22:34:38.0603 1784 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:34:40.0615 1784 ============================================================
22:34:40.0615 1784 Current date / time: 2012/09/26 22:34:40.0615
22:34:40.0615 1784 SystemInfo:
22:34:40.0615 1784
22:34:40.0615 1784 OS Version: 6.1.7600 ServicePack: 0.0
22:34:40.0615 1784 Product type: Workstation
22:34:40.0615 1784 ComputerName: LINDSAY-PC
22:34:40.0615 1784 UserName: Admin
22:34:40.0615 1784 Windows directory: C:\Windows
22:34:40.0615 1784 System windows directory: C:\Windows
22:34:40.0615 1784 Running under WOW64
22:34:40.0615 1784 Processor architecture: Intel x64
22:34:40.0615 1784 Number of processors: 4
22:34:40.0615 1784 Page size: 0x1000
22:34:40.0615 1784 Boot type: Normal boot
22:34:40.0615 1784 ============================================================
22:35:02.0076 1784 BG loaded
22:35:02.0528 1784 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:35:02.0544 1784 ============================================================
22:35:02.0544 1784 \Device\Harddisk0\DR0:
22:35:02.0544 1784 MBR partitions:
22:35:02.0544 1784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:35:02.0544 1784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
22:35:02.0544 1784 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
22:35:02.0544 1784 ============================================================
22:35:02.0622 1784 C: <-> \Device\Harddisk0\DR0\Partition3
22:35:02.0809 1784 D: <-> \Device\Harddisk0\DR0\Partition2
22:35:02.0809 1784 ============================================================
22:35:02.0809 1784 Initialize success
22:35:02.0809 1784 ============================================================
 
22:30:29.0781 8472 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:30:30.0471 8472 ============================================================
22:30:30.0472 8472 Current date / time: 2012/09/26 22:30:30.0471
22:30:30.0472 8472 SystemInfo:
22:30:30.0472 8472
22:30:30.0472 8472 OS Version: 6.1.7600 ServicePack: 0.0
22:30:30.0472 8472 Product type: Workstation
22:30:30.0472 8472 ComputerName: LINDSAY-PC
22:30:30.0472 8472 UserName: Admin
22:30:30.0472 8472 Windows directory: C:\Windows
22:30:30.0472 8472 System windows directory: C:\Windows
22:30:30.0472 8472 Running under WOW64
22:30:30.0472 8472 Processor architecture: Intel x64
22:30:30.0472 8472 Number of processors: 4
22:30:30.0472 8472 Page size: 0x1000
22:30:30.0472 8472 Boot type: Normal boot
22:30:30.0472 8472 ============================================================
22:30:31.0496 8472 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:30:31.0499 8472 ============================================================
22:30:31.0499 8472 \Device\Harddisk0\DR0:
22:30:31.0499 8472 MBR partitions:
22:30:31.0499 8472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:30:31.0499 8472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
22:30:31.0499 8472 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
22:30:31.0499 8472 ============================================================
22:30:31.0519 8472 C: <-> \Device\Harddisk0\DR0\Partition3
22:30:31.0556 8472 D: <-> \Device\Harddisk0\DR0\Partition2
22:30:31.0556 8472 ============================================================
22:30:31.0556 8472 Initialize success
22:30:31.0556 8472 ============================================================
22:30:54.0026 7668 ============================================================
22:30:54.0026 7668 Scan started
22:30:54.0026 7668 Mode: Manual;
22:30:54.0026 7668 ============================================================
22:30:56.0394 7668 ================ Scan system memory ========================
22:30:56.0394 7668 System memory - ok
22:30:56.0394 7668 ================ Scan services =============================
22:31:03.0551 7668 PeerDistSvc - ok
22:31:03.0618 7668 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:31:03.0620 7668 PerfHost - ok
22:31:03.0679 7668 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:31:03.0694 7668 pla - ok
22:31:03.0718 7668 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:31:03.0724 7668 PlugPlay - ok
22:31:03.0736 7668 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:31:03.0737 7668 PNRPAutoReg - ok
22:31:03.0744 7668 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:31:03.0747 7668 PNRPsvc - ok
22:31:03.0776 7668 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:31:03.0781 7668 PolicyAgent - ok
22:31:03.0854 7668 postgresql-8.4 - ok
22:31:03.0886 7668 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:31:03.0889 7668 Power - ok
22:31:03.0913 7668 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:31:03.0915 7668 PptpMiniport - ok
22:31:03.0931 7668 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:31:03.0932 7668 Processor - ok
22:31:03.0947 7668 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
22:31:03.0950 7668 ProfSvc - ok
22:31:03.0969 7668 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:31:03.0970 7668 ProtectedStorage - ok
22:31:03.0993 7668 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:31:03.0995 7668 Psched - ok
22:31:04.0043 7668 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:31:04.0059 7668 ql2300 - ok
22:31:04.0081 7668 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:31:04.0083 7668 ql40xx - ok
22:31:04.0102 7668 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:31:04.0105 7668 QWAVE - ok
22:31:04.0124 7668 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:31:04.0125 7668 QWAVEdrv - ok
22:31:04.0140 7668 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:31:04.0141 7668 RasAcd - ok
22:31:04.0170 7668 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:31:04.0172 7668 RasAgileVpn - ok
22:31:04.0187 7668 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:31:04.0189 7668 RasAuto - ok
22:31:04.0202 7668 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:04.0204 7668 Rasl2tp - ok
22:31:04.0216 7668 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:31:04.0221 7668 RasMan - ok
22:31:04.0231 7668 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:04.0233 7668 RasPppoe - ok
22:31:04.0263 7668 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:31:04.0265 7668 RasSstp - ok
22:31:04.0285 7668 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:31:04.0289 7668 rdbss - ok
22:31:04.0297 7668 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:31:04.0298 7668 rdpbus - ok
22:31:04.0309 7668 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:04.0310 7668 RDPCDD - ok
22:31:04.0334 7668 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:31:04.0336 7668 RDPDR - ok
22:31:04.0363 7668 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:31:04.0364 7668 RDPENCDD - ok
22:31:04.0378 7668 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:31:04.0378 7668 RDPREFMP - ok
22:31:04.0427 7668 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:31:04.0439 7668 RDPWD - ok
22:31:04.0453 7668 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:31:04.0456 7668 rdyboost - ok
22:31:04.0511 7668 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
22:31:04.0512 7668 Realtek11nSU - ok
22:31:04.0553 7668 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:31:04.0555 7668 RemoteAccess - ok
22:31:04.0569 7668 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:31:04.0572 7668 RemoteRegistry - ok
22:31:04.0582 7668 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:31:04.0584 7668 RpcEptMapper - ok
22:31:04.0614 7668 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:31:04.0615 7668 RpcLocator - ok
22:31:04.0634 7668 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:31:04.0638 7668 RpcSs - ok
22:31:04.0689 7668 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
22:31:04.0693 7668 RsFx0103 - ok
22:31:04.0705 7668 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:31:04.0707 7668 rspndr - ok
22:31:04.0727 7668 [ F8D53FFD2D4D307A8ABC5278121A9B33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
22:31:04.0735 7668 RTL8192su - ok
22:31:04.0758 7668 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
22:31:04.0759 7668 s3cap - ok
22:31:04.0777 7668 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:31:04.0777 7668 SamSs - ok
22:31:04.0860 7668 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:31:04.0860 7668 SASDIFSV - ok
22:31:04.0888 7668 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:31:04.0889 7668 SASKUTIL - ok
22:31:04.0900 7668 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:31:04.0902 7668 sbp2port - ok
22:31:04.0930 7668 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:31:04.0933 7668 SCardSvr - ok
22:31:04.0962 7668 [ 4B12E2E559641B0F26474BBC6D7CFAFF ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
22:31:04.0963 7668 SCDEmu - ok
22:31:04.0974 7668 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:31:04.0976 7668 scfilter - ok
22:31:05.0018 7668 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:31:05.0031 7668 Schedule - ok
22:31:05.0056 7668 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:31:05.0057 7668 SCPolicySvc - ok
22:31:05.0067 7668 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:31:05.0070 7668 SDRSVC - ok
22:31:05.0097 7668 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:31:05.0098 7668 secdrv - ok
22:31:05.0113 7668 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:31:05.0115 7668 seclogon - ok
22:31:05.0123 7668 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:31:05.0124 7668 SENS - ok
22:31:05.0128 7668 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:31:05.0130 7668 SensrSvc - ok
22:31:05.0138 7668 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:31:05.0140 7668 Serenum - ok
22:31:05.0147 7668 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:31:05.0148 7668 Serial - ok
22:31:05.0160 7668 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:31:05.0161 7668 sermouse - ok
22:31:05.0187 7668 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:31:05.0190 7668 SessionEnv - ok
22:31:05.0208 7668 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:31:05.0209 7668 sffdisk - ok
22:31:05.0216 7668 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:31:05.0217 7668 sffp_mmc - ok
22:31:05.0235 7668 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:31:05.0236 7668 sffp_sd - ok
22:31:05.0246 7668 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:31:05.0247 7668 sfloppy - ok
22:31:05.0290 7668 [ 41264E06A5CB8FF21D4D2FC59CFEE8EC ] SGNBusinessLogicService C:\Program Files (x86)\Sophos\Encryption\BLService.exe
22:31:05.0291 7668 SGNBusinessLogicService - ok
22:31:05.0295 7668 SGN_LogSystem - ok
22:31:05.0324 7668 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:31:05.0328 7668 SharedAccess - ok
22:31:05.0372 7668 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:31:05.0377 7668 ShellHWDetection - ok
22:31:05.0390 7668 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:31:05.0391 7668 SiSRaid2 - ok
22:31:05.0403 7668 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:31:05.0404 7668 SiSRaid4 - ok
22:31:05.0442 7668 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:31:05.0444 7668 Smb - ok
22:31:05.0467 7668 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:31:05.0468 7668 SNMPTRAP - ok
22:31:05.0609 7668 [ 1DD15CBAE4AA7B2F5166D0C2700AEF94 ] Sophos Agent C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
22:31:05.0612 7668 Sophos Agent - ok
22:31:05.0631 7668 [ F55A42C8A2FA52B2EFAB477C015AD24E ] Sophos Certification Manager C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
22:31:05.0632 7668 Sophos Certification Manager - ok
22:31:05.0759 7668 [ AB6E2BF3AD49DDB152A53201DFF42483 ] Sophos Management Service C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
22:31:05.0815 7668 Sophos Management Service - ok
22:31:05.0857 7668 [ 65F816D7534D25623DA909911FF7E7D8 ] Sophos Message Router C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
22:31:05.0865 7668 Sophos Message Router - ok
22:31:05.0908 7668 [ 1BE9D02F57AB179C2FB900E3B3938F41 ] SophosManagementHostService C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe
22:31:05.0908 7668 SophosManagementHostService - ok
22:31:05.0937 7668 [ D0BC85E0D204E42EE54867A8E6EFE7A6 ] SophosPatchEndpointCommunicator C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe
22:31:05.0939 7668 SophosPatchEndpointCommunicator - ok
22:31:05.0970 7668 [ AA87E68657D0AD06C5922A01D01B47FB ] SophosPatchOrchestratorService C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe
22:31:05.0971 7668 SophosPatchOrchestratorService - ok
22:31:06.0009 7668 [ C5816593AC80CA028EBD8A481E70B8DB ] SophosPatchServerCommunicator C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe
22:31:06.0010 7668 SophosPatchServerCommunicator - ok
22:31:06.0028 7668 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:31:06.0029 7668 spldr - ok
22:31:06.0052 7668 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
22:31:06.0059 7668 Spooler - ok
22:31:06.0128 7668 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:31:06.0162 7668 sppsvc - ok
22:31:06.0185 7668 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:31:06.0187 7668 sppuinotify - ok
22:31:06.0276 7668 [ A5609D0178B2FEC118A7F4A24ECD1BFB ] SQLAgent$SOPHOS c:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE
22:31:06.0281 7668 SQLAgent$SOPHOS - ok
22:31:06.0351 7668 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:31:06.0354 7668 SQLBrowser - ok
22:31:06.0394 7668 [ C298D989D717CB153702E397B6D9AAAD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:31:06.0396 7668 SQLWriter - ok
22:31:06.0459 7668 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:31:06.0464 7668 srv - ok
22:31:06.0491 7668 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:31:06.0495 7668 srv2 - ok
22:31:06.0505 7668 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:31:06.0508 7668 srvnet - ok
22:31:06.0533 7668 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:31:06.0536 7668 SSDPSRV - ok
22:31:06.0548 7668 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:31:06.0550 7668 SstpSvc - ok
22:31:06.0572 7668 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:31:06.0573 7668 stexstor - ok
22:31:06.0598 7668 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:31:06.0605 7668 stisvc - ok
22:31:06.0616 7668 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:31:06.0617 7668 storflt - ok
22:31:06.0634 7668 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
22:31:06.0635 7668 storvsc - ok
22:31:06.0648 7668 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:31:06.0649 7668 swenum - ok
22:31:06.0667 7668 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:31:06.0673 7668 swprv - ok
22:31:06.0710 7668 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:31:06.0728 7668 SysMain - ok
22:31:06.0744 7668 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:31:06.0746 7668 TabletInputService - ok
22:31:06.0765 7668 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:31:06.0769 7668 TapiSrv - ok
22:31:06.0781 7668 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:31:06.0783 7668 TBS - ok
22:31:06.0834 7668 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:31:06.0853 7668 Tcpip - ok
22:31:06.0886 7668 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:31:06.0895 7668 TCPIP6 - ok
22:31:06.0919 7668 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:31:06.0920 7668 tcpipreg - ok
22:31:06.0926 7668 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:31:06.0927 7668 TDPIPE - ok
22:31:06.0948 7668 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:31:06.0949 7668 TDTCP - ok
22:31:06.0965 7668 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:31:06.0967 7668 tdx - ok
22:31:06.0984 7668 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:31:06.0986 7668 TermDD - ok
22:31:07.0003 7668 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:31:07.0011 7668 TermService - ok
22:31:07.0024 7668 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:31:07.0025 7668 Themes - ok
22:31:07.0049 7668 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:31:07.0051 7668 THREADORDER - ok
22:31:07.0063 7668 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:31:07.0065 7668 TrkWks - ok
22:31:07.0116 7668 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:31:07.0119 7668 TrustedInstaller - ok
22:31:07.0133 7668 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:31:07.0135 7668 tssecsrv - ok
22:31:07.0161 7668 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:31:07.0162 7668 tunnel - ok
22:31:07.0177 7668 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:31:07.0178 7668 uagp35 - ok
22:31:07.0202 7668 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:31:07.0205 7668 udfs - ok
22:31:07.0224 7668 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:31:07.0226 7668 UI0Detect - ok
22:31:07.0241 7668 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:31:07.0243 7668 uliagpkx - ok
22:31:07.0264 7668 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:31:07.0265 7668 umbus - ok
22:31:07.0281 7668 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:31:07.0282 7668 UmPass - ok
22:31:07.0296 7668 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
22:31:07.0299 7668 UmRdpService - ok
22:31:07.0318 7668 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:31:07.0323 7668 upnphost - ok
22:31:07.0341 7668 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:31:07.0342 7668 USBAAPL64 - ok
22:31:07.0368 7668 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:31:07.0370 7668 usbaudio - ok
22:31:07.0389 7668 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:31:07.0390 7668 usbccgp - ok
22:31:07.0408 7668 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:31:07.0410 7668 usbcir - ok
22:31:07.0428 7668 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:31:07.0429 7668 usbehci - ok
22:31:07.0481 7668 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:31:07.0485 7668 usbhub - ok
22:31:07.0510 7668 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:31:07.0511 7668 usbohci - ok
22:31:07.0533 7668 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:31:07.0534 7668 usbprint - ok
22:31:07.0543 7668 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:31:07.0544 7668 usbscan - ok
22:31:07.0560 7668 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:31:07.0562 7668 USBSTOR - ok
22:31:07.0577 7668 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:31:07.0578 7668 usbuhci - ok
22:31:07.0600 7668 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:31:07.0602 7668 UxSms - ok
22:31:07.0619 7668 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:31:07.0620 7668 VaultSvc - ok
22:31:07.0641 7668 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:31:07.0642 7668 vdrvroot - ok
22:31:07.0666 7668 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:31:07.0672 7668 vds - ok
22:31:07.0703 7668 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:31:07.0704 7668 vga - ok
22:31:07.0718 7668 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:31:07.0719 7668 VgaSave - ok
22:31:07.0731 7668 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:31:07.0734 7668 vhdmp - ok
22:31:07.0745 7668 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:31:07.0746 7668 viaide - ok
22:31:07.0764 7668 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
22:31:07.0767 7668 vmbus - ok
22:31:07.0779 7668 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
22:31:07.0780 7668 VMBusHID - ok
22:31:07.0796 7668 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:31:07.0797 7668 volmgr - ok
22:31:07.0817 7668 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:31:07.0822 7668 volmgrx - ok
22:31:07.0839 7668 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:31:07.0843 7668 volsnap - ok
22:31:07.0848 7668 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:31:07.0851 7668 vsmraid - ok
22:31:07.0890 7668 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:31:07.0907 7668 VSS - ok
22:31:07.0919 7668 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:31:07.0920 7668 vwifibus - ok
22:31:07.0940 7668 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:31:07.0941 7668 vwififlt - ok
22:31:07.0965 7668 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:31:07.0969 7668 W32Time - ok
22:31:07.0999 7668 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:31:08.0000 7668 WacomPen - ok
22:31:08.0024 7668 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:31:08.0025 7668 WANARP - ok
22:31:08.0029 7668 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:31:08.0030 7668 Wanarpv6 - ok
22:31:08.0068 7668 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:31:08.0084 7668 wbengine - ok
22:31:08.0149 7668 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:31:08.0174 7668 WbioSrvc - ok
22:31:08.0191 7668 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:31:08.0197 7668 wcncsvc - ok
22:31:08.0222 7668 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:31:08.0223 7668 WcsPlugInService - ok
22:31:08.0241 7668 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:31:08.0242 7668 Wd - ok
22:31:08.0262 7668 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:31:08.0269 7668 Wdf01000 - ok
22:31:08.0299 7668 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:31:08.0301 7668 WdiServiceHost - ok
22:31:08.0304 7668 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:31:08.0306 7668 WdiSystemHost - ok
22:31:08.0319 7668 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
22:31:08.0323 7668 WebClient - ok
22:31:08.0333 7668 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:31:08.0336 7668 Wecsvc - ok
22:31:08.0367 7668 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:31:08.0369 7668 wercplsupport - ok
22:31:08.0392 7668 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:31:08.0394 7668 WerSvc - ok
22:31:08.0407 7668 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:31:08.0408 7668 WfpLwf - ok
22:31:08.0418 7668 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:31:08.0419 7668 WIMMount - ok
22:31:08.0424 7668 WinHttpAutoProxySvc - ok
22:31:08.0512 7668 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:31:08.0515 7668 Winmgmt - ok
22:31:08.0572 7668 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:31:08.0593 7668 WinRM - ok
22:31:08.0627 7668 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:31:08.0629 7668 WinUsb - ok
22:31:08.0665 7668 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:31:08.0675 7668 Wlansvc - ok
22:31:08.0679 7668 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:31:08.0680 7668 WmiAcpi - ok
22:31:08.0701 7668 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:31:08.0703 7668 wmiApSrv - ok
22:31:08.0733 7668 WMPNetworkSvc - ok
22:31:08.0740 7668 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:31:08.0741 7668 WPCSvc - ok
22:31:08.0751 7668 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:31:08.0753 7668 WPDBusEnum - ok
22:31:08.0761 7668 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:31:08.0763 7668 ws2ifsl - ok
22:31:08.0767 7668 WSearch - ok
22:31:08.0842 7668 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:31:08.0867 7668 wuauserv - ok
22:31:08.0886 7668 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:31:08.0887 7668 WudfPf - ok
22:31:08.0925 7668 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:31:08.0928 7668 WUDFRd - ok
22:31:08.0943 7668 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:31:08.0945 7668 wudfsvc - ok
22:31:08.0974 7668 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:31:08.0977 7668 WwanSvc - ok
22:31:09.0001 7668 ================ Scan global ===============================
22:31:09.0024 7668 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:31:09.0051 7668 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:31:09.0075 7668 [ 6BF2039986AF96D98E08824AC6C383FD ] C:\Windows\system32\consrv.dll
22:31:09.0278 7668 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - infected
22:31:09.0278 7668 C:\Windows\system32\consrv.dll - detected Backdoor.Multi.ZAccess.genb (0)
22:31:09.0299 7668 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:31:09.0304 7668 ================ Scan MBR ==================================
22:31:09.0328 7668 [ 0F84F2562620C40D8A3E1908C8075675 ] \Device\Harddisk0\DR0
22:31:09.0328 7668 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:31:09.0369 7668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:31:09.0369 7668 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:31:09.0369 7668 ================ Scan VBR ==================================
22:31:09.0372 7668 [ B500B05005FFF3872CC13A7D176C531B ] \Device\Harddisk0\DR0\Partition1
22:31:09.0374 7668 \Device\Harddisk0\DR0\Partition1 - ok
22:31:09.0384 7668 [ 359DFC2FEAD303787C79170B040CE9DD ] \Device\Harddisk0\DR0\Partition2
22:31:09.0385 7668 \Device\Harddisk0\DR0\Partition2 - ok
22:31:09.0407 7668 [ 1DCD00F7961C9059EFBD44E74902AD78 ] \Device\Harddisk0\DR0\Partition3
22:31:09.0408 7668 \Device\Harddisk0\DR0\Partition3 - ok
22:31:09.0408 7668 ============================================================
22:31:09.0408 7668 Scan finished
22:31:09.0408 7668 ============================================================
22:31:09.0419 8852 Detected object count: 2
22:31:09.0419 8852 Actual detected object count: 2
22:31:47.0510 8852 C:\Windows\system32\consrv.dll - copied to quarantine
22:31:47.0910 8852 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
22:31:47.0929 8852 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
22:31:48.0071 8852 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems:Windows - will be cured on reboot
22:31:48.0071 8852 C:\Windows\system32\consrv.dll - will be deleted on reboot
22:31:48.0095 8852 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
22:31:48.0095 8852 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
22:31:48.0096 8852 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - User select action: Delete
22:31:48.0409 8852 \Device\Harddisk0\DR0\# - copied to quarantine
22:31:48.0410 8852 \Device\Harddisk0\DR0 - copied to quarantine
22:31:48.0436 8852 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:31:48.0437 8852 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:31:48.0440 8852 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:31:48.0443 8852 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:31:48.0451 8852 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:31:48.0456 8852 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:31:48.0457 8852 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:31:48.0458 8852 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:31:48.0459 8852 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:31:48.0460 8852 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:31:48.0462 8852 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:31:48.0463 8852 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:31:48.0489 8852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:31:48.0490 8852 \Device\Harddisk0\DR0 - ok
22:31:54.0164 8852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:32:03.0759 8824 Deinitialize success
 
Good :)
Update MBAM, re-run it and post new log.

Next...

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see the question "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller wouldn't finish the scan. It kept stopping halfway through. I changed the name to winlogon and it still wouldn't complete. aswMBR worked and is below:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-27 19:07:10
-----------------------------
19:07:10.000 OS Version: Windows x64 6.1.7600
19:07:10.000 Number of processors: 4 586 0x502
19:07:10.000 ComputerName: LINDSAY-PC UserName: Admin
19:07:11.638 Initialize success
19:39:14.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
19:39:14.831 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
19:39:14.831 Device \Driver\atapi -> MajorFunction fffffa80050445c4
19:39:14.831 Disk 0 MBR read successfully
19:39:14.847 Disk 0 MBR scan
19:39:14.847 Disk 0 TDL4@MBR code has been found
19:39:14.847 Disk 0 Windows 7 default MBR code found via API
19:39:14.847 Disk 0 MBR hidden
19:39:14.863 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:39:14.878 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 400000 MB offset 206848
19:39:14.909 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 553767 MB offset 819406848
19:39:14.909 Disk 0 MBR [TDL4] **ROOTKIT**
19:39:14.909 Disk 0 trace - called modules:
19:39:14.909 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80050445c4]<<
19:39:14.909 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004739060]
19:39:14.925 3 CLASSPNP.SYS[fffff880018ef43f] -> nt!IofCallDriver -> [0xfffffa80044b1520]
19:39:14.925 5 ACPI.sys[fffff88000ec5781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80044b3060]
19:39:14.925 \Driver\atapi[0xfffffa8004667e70] -> IRP_MJ_CREATE -> 0xfffffa80050445c4
19:39:14.925 Scan finished successfully
19:39:21.227 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
19:39:21.227 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
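Added example, not part of the thread and not code from aswMBR: a small Python script that reads the aswMBR output posted above and turns its indicators into structured findings, so the same triage can be repeated on other logs. The embedded excerpt is copied from the post; the regexes, function names and the finding wording are the example's own choices.

```python
import re

# Excerpt of the aswMBR log posted above, timestamps kept as the tool printed them.
ASWMBR_LOG = r"""19:39:14.831 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
19:39:14.831 Device \Driver\atapi -> MajorFunction fffffa80050445c4
19:39:14.831 Disk 0 MBR read successfully
19:39:14.847 Disk 0 MBR scan
19:39:14.847 Disk 0 TDL4@MBR code has been found
19:39:14.847 Disk 0 Windows 7 default MBR code found via API
19:39:14.847 Disk 0 MBR hidden
19:39:14.863 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:39:14.878 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 400000 MB offset 206848
19:39:14.909 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 553767 MB offset 819406848
19:39:14.909 Disk 0 MBR [TDL4] **ROOTKIT**
19:39:14.909 Disk 0 trace - called modules:
19:39:14.909 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80050445c4]<<
19:39:14.925 \Driver\atapi[0xfffffa8004667e70] -> IRP_MJ_CREATE -> 0xfffffa80050445c4
19:39:14.925 Scan finished successfully
"""

SECTOR_BYTES = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES  # aswMBR prints sizes in MB, offsets in sectors

SIZE_RE = re.compile(r"Disk (\d+) Vendor: .*? Size: (\d+)MB")
PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) "
    r".*? (\d+) MB offset (\d+)"
)
MBR_HIT_RE = re.compile(r"(\w+)@MBR code has been found")
HOOK_RE = re.compile(r"\\Driver\\(\w+)\[0x[0-9a-f]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-f]+)")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9a-f]+)\]<<")


def parse_aswmbr(text):
    """Reduce the aswMBR output to the facts a triager acts on."""
    report = {
        "disk_size_mb": None,
        "partitions": [],        # (index, bootable, type byte, size MB, offset in sectors)
        "mbr_code_hit": None,    # bootkit family named by the raw MBR code scan
        "api_says_default": False,
        "mbr_hidden": False,
        "hooks": [],             # (driver, IRP major function, handler address)
        "unknown_addrs": set(),  # addresses the call trace could not map to any module
    }
    for line in text.splitlines():
        body = line.split(" ", 1)[1] if " " in line else line  # drop the timestamp
        m = SIZE_RE.search(body)
        if m:
            report["disk_size_mb"] = int(m.group(2))
            continue
        m = PART_RE.search(body)
        if m:
            _disk, idx, boot, ptype, size_mb, offset = m.groups()
            report["partitions"].append((int(idx), boot == "80", ptype, int(size_mb), int(offset)))
            continue
        m = MBR_HIT_RE.search(body)
        if m:
            report["mbr_code_hit"] = m.group(1)
        if "default MBR code found via API" in body:
            report["api_says_default"] = True
        if body.endswith("MBR hidden"):
            report["mbr_hidden"] = True
        m = HOOK_RE.search(body)
        if m:
            report["hooks"].append(m.groups())
        report["unknown_addrs"].update(UNKNOWN_RE.findall(body))
    return report


def partition_overlaps(partitions):
    """Pairs of partition indices whose sector ranges overlap (a forged table symptom)."""
    ranges = sorted((off, off + size_mb * SECTORS_PER_MB, idx)
                    for idx, _boot, _ptype, size_mb, off in partitions)
    return [(a[2], b[2]) for a, b in zip(ranges, ranges[1:]) if b[0] < a[1]]


def findings(report):
    """Plain-language conclusions drawn from the parsed log."""
    out = []
    if report["mbr_code_hit"]:
        out.append(f"MBR code matches the {report['mbr_code_hit']} bootkit signature")
    if report["mbr_hidden"] and report["api_says_default"]:
        out.append("raw MBR read disagrees with the API view: something is filtering disk reads")
    for driver, irp, target in report["hooks"]:
        if target in report["unknown_addrs"]:
            out.append(f"{driver} {irp} handler at 0x{target} is outside every known module")
    for a, b in partition_overlaps(report["partitions"]):
        out.append(f"partitions {a} and {b} overlap: corrupt or forged partition table")
    return out


if __name__ == "__main__":
    for line in findings(parse_aswmbr(ASWMBR_LOG)):
        print("FINDING:", line)
```

The three findings this produces are exactly what the helper acted on: the MBR code is TDL4, the API view of the MBR is being spoofed (hence "MBR hidden"), and the atapi IRP_MJ_CREATE handler points into unnamed memory rather than into atapi.sys. The partition-overlap check comes out clean here; it is included because a bootkit that rewrites the table is the other way this log can go wrong.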
 
I saw you put "Please pay attention." I'm not sure why you put that. The only thing I'm thinking is that I didn't know how to open a .dat file and I tried to download something and I hope I didn't mess things up more. I'm really sorry and I appreciate the help, I'm a total noob and I'll try to be more diligent and careful with your instructions.

MBAM logs (there are two of them):

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.27.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Admin :: LINDSAY-PC [administrator]

Protection: Disabled

9/27/2012 8:11:04 PM
mbam-log-2012-09-27 (20-16-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252158
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe (PUP.MyWebSearch) -> 4576 -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> 6100 -> No action taken.

Memory Modules Detected: 1
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll (PUP.MyWebSearch) -> No action taken.

Registry Keys Detected: 13
HKCR\CLSID\{ed345812-2722-4dca-9976-d01832db44ee} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{f1f328eb-f5a5-432b-a54c-05f3ef5b0bd8} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.ThirdPartyInstaller (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE} (PUP.MyWebSearch) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B} (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{93A3111F-4F74-4ED8-895E-D9708497629E} (PUP.MyWebSearch) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (PUP.MyWebSearch) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\Admin\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

(end)

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.27.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Admin :: LINDSAY-PC [administrator]

Protection: Disabled

9/27/2012 8:11:04 PM
mbam-log-2012-09-27 (20-11-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252158
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe (PUP.MyWebSearch) -> 4576 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 6100 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll (PUP.MyWebSearch) -> Delete on reboot.

Registry Keys Detected: 13
HKCR\CLSID\{ed345812-2722-4dca-9976-d01832db44ee} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{f1f328eb-f5a5-432b-a54c-05f3ef5b0bd8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{93A3111F-4F74-4ED8-895E-D9708497629E} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Admin\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)
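Added example, not part of the thread and not Malwarebytes code: a Python triage pass over MBAM detection lines like the ones above. It does two things the logs call for: it flags core Windows executable names found outside the folders they ship in (C:\Windows\svchost.exe is the trojan here; the genuine service host lives in System32 and SysWOW64), and it lists the items MBAM could only mark "Delete on reboot", which have to be re-checked after the reboot. The embedded excerpt is a subset of the second log above; the CORE_BINARIES list, LEGIT_PREFIXES and the function names are the example's own choices.

```python
import re
from ntpath import basename, normcase  # Windows path semantics on any OS

# Subset of the second MBAM log posted above (two memory, one registry, four file lines).
MBAM_LOG = r"""Memory Processes Detected: 2
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe (PUP.MyWebSearch) -> 4576 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 6100 -> Delete on reboot.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe -> Quarantined and deleted successfully.

Files Detected: 10
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Admin\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# "<item> (<classification>) -> [<pid> ->] <action>."  Section headers do not match.
DETECT_RE = re.compile(r"^(?P<item>\S.*?) \((?P<cls>[A-Za-z0-9.]+)\) -> (?P<tail>.+?)\.?$")

# Names that only belong in the Windows system directories (list chosen for this example).
CORE_BINARIES = {"svchost.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "csrss.exe", "wininit.exe", "smss.exe", "explorer.exe"}
LEGIT_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")


def parse_mbam(text):
    """Return (item, classification, pid_or_None, action) for every detection line."""
    hits = []
    for line in text.splitlines():
        m = DETECT_RE.match(line.strip())
        if not m:
            continue
        parts = m.group("tail").split(" -> ")
        pid = int(parts[0]) if parts[0].isdigit() else None
        hits.append((m.group("item"), m.group("cls"), pid, parts[-1]))
    return hits


def masquerading_binaries(hits):
    """Core Windows executable names that turned up outside their shipping directories."""
    out = set()
    for item, cls, _pid, _action in hits:
        path = normcase(item)
        name = basename(path)
        if name not in CORE_BINARIES:
            continue
        folder = path.rsplit("\\", 1)[0]
        if path.startswith(LEGIT_PREFIXES) or (name == "explorer.exe" and folder == "c:\\windows"):
            continue  # explorer.exe legitimately sits directly in C:\Windows
        out.add((item, cls))
    return sorted(out)


def deferred_actions(hits):
    """Items MBAM could not remove while the scan ran; confirm they are gone after reboot."""
    return sorted({item for item, _cls, _pid, action in hits if action == "Delete on reboot"})


if __name__ == "__main__":
    found = parse_mbam(MBAM_LOG)
    for item, cls in masquerading_binaries(found):
        print(f"MASQUERADE? {item} [{cls}]")
    for item in deferred_actions(found):
        print(f"RE-CHECK AFTER REBOOT: {item}")
```

Two things to keep in mind when reading its output. The renamed RogueKiller (C:\Users\Admin\Downloads\winlogon.exe) trips the same name check as the trojan, and MBAM itself tagged that file with a Heuristics.* label rather than a malware family, so a hit from this check is a lead to reconcile against what the operator actually did, not a verdict. And the deferred list is not a formality: the ComboFix log later in this thread still lists c:\windows\svchost.exe under its deletions, so the "Delete on reboot" entry above evidently did not take the first time.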
 
Good :)

For 32-bit (x86) systems, download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS has loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", note your flash drive letter, then close Notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Next...

Re-run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01
Ran by SYSTEM at 01-10-2012 21:20:56
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKU\Lindsay\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2988784 2011-01-13] (SUPERAntiSpyware.com)
HKLM-x32\...\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [443728 2010-12-20] (Malwarebytes Corporation)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [128752 2010-06-29] (SUPERAntiSpyware.com)

==================== Drivers (Whitelisted) =====================

1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========



==================== 3 Months Modified Files ==================

2012-08-11 17:04 - 2012-04-04 05:39 - 00243186 ____A C:\VirtualDJ Local Database v6.xml

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2010-11-29 09:13:49
Restore point made on: 2010-11-29 09:21:54

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3838.18 MB
Available physical RAM: 3263.98 MB
Total Pagefile: 3836.33 MB
Available Pagefile: 3257.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

2 Drive c: (Primary) (Fixed) (Total:390.62 GB) (Free:369.8 GB) NTFS
3 Drive e: () (Fixed) (Total:540.78 GB) (Free:444.9 GB) NTFS
5 Drive g: () (Removable) (Total:1 GB) (Free:0.99 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1020 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 390 GB 101 MB
Partition 3 Primary 540 GB 390 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Primary NTFS Partition 390 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 540 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1020 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2010-11-29 08:36

==================== End Of Log =============================



Farbar Recovery Scan Tool (x64) Version: 30-09-2012 01
Ran by SYSTEM at 2012-10-01 21:24:57
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
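Added example, not part of the thread and not FRST code: a Python check that reads FRST's Search.txt format and compares each live copy of a system binary against the copies held in the WinSxS component store by MD5, which is the comparison the helper is making by eye above. The first embedded excerpt is the services.exe search result just posted; the second is a constructed variant (not observed on this machine) with a mismatching hash, included to show the failing path. The function names are the example's own.

```python
import re
from ntpath import basename, normcase

# The services.exe search result posted above, in FRST's Search.txt layout.
SEARCH_TXT = r"""================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# CONSTRUCTED for this example, not from the thread: the live copy's hash and modified
# time no longer agree with the component store, which is what a patched services.exe
# (the Bamital/ZeroAccess-style replacement the helper is searching for) would look like.
SEARCH_TXT_TAMPERED = r"""C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-09-25 22:40] - 0328704 ____A (Microsoft Corporation) DEADBEEFDEADBEEFDEADBEEFDEADBEEF
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5", the line FRST prints under each path.
ENTRY_RE = re.compile(
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})"
)


def parse_search(text):
    """Pair every path line with the attribute line FRST prints directly under it."""
    entries = []
    lines = [ln.strip() for ln in text.splitlines()]
    for i in range(len(lines) - 1):
        m = ENTRY_RE.match(lines[i + 1])
        if PATH_RE.match(lines[i]) and m:
            entries.append({"path": lines[i], "size": int(m["size"]),
                            "modified": m["modified"], "company": m["company"],
                            "md5": m["md5"].upper()})
    return entries


def is_component_store(path):
    return normcase(path).startswith("c:\\windows\\winsxs\\")


def cross_check(entries):
    """Verdict per live (non-WinSxS) copy: its MD5 must match a WinSxS copy of the same name."""
    reference = {}
    for e in entries:
        if is_component_store(e["path"]):
            reference.setdefault(normcase(basename(e["path"])), set()).add(e["md5"])
    verdicts = {}
    for e in entries:
        if is_component_store(e["path"]):
            continue
        known = reference.get(normcase(basename(e["path"])), set())
        if not known:
            verdicts[e["path"]] = "no WinSxS reference copy; verify the hash out of band"
        elif e["md5"] in known:
            verdicts[e["path"]] = "matches component store"
        else:
            verdicts[e["path"]] = "differs from every component-store copy: patched or replaced binary"
    return verdicts


if __name__ == "__main__":
    for label, text in (("posted log", SEARCH_TXT), ("constructed tampered log", SEARCH_TXT_TAMPERED)):
        for path, verdict in cross_check(parse_search(text)).items():
            print(f"{label}: {path} -> {verdict}")
```

A match only proves consistency with the component store: malware that patched both copies would pass, which is why a comparison against an independent known-good hash list, rather than against the same disk, is the stronger signal. Size, company and modified time are parsed as well, so the same pass can be extended to flag a copy whose modified time is newer than its WinSxS sibling even when the hash check is inconclusive.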
 
Looks good.

Create a new restore point before proceeding with the next step.
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename ComboFix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, restart your computer to restore your connection.
    If restarting doesn't help, use the restore point you created prior to running ComboFix.
  • Double-click on combofix.exe & follow the prompts.

  • NOTE 1. If ComboFix asks you to install the Recovery Console, please allow it.
  • NOTE 2. If ComboFix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, ComboFix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the ComboFix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in Safe Mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-10-02.02 - Admin 10/02/2012 22:19:23.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2352 [GMT -7:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
---- Previous Run -------
.
c:\programdata\071633p1j612x862q517x5krx0j0
c:\programdata\44883720
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-03 to 2012-10-03 )))))))))))))))))))))))))))))))
.
.
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
2012-10-03 05:32 . 2012-10-03 05:32 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-03 05:32 . 2012-10-03 05:32 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
2012-10-03 05:32 . 2012-10-03 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
2012-09-27 05:31 . 2012-09-27 19:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-17 00:44 . 2012-10-03 04:25 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
2012-09-13 03:35 . 2012-09-13 03:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-13 03:35 . 2012-09-13 03:34 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-13 03:34 . 2012-09-13 03:34 -------- d-----w- c:\program files (x86)\Java
2012-09-13 03:33 . 2012-09-13 03:33 -------- d-----w- c:\programdata\McAfee
2012-09-13 03:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-13 03:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-13 03:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-13 03:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-13 03:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-13 03:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-13 03:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-13 03:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-13 03:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-13 03:26 . 2012-09-13 03:26 -------- d-----w- c:\programdata\!SASCORE
2012-09-13 03:22 . 2012-09-13 03:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-13 02:46 . 2012-09-13 02:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-09-06 03:32 . 2012-09-06 03:32 -------- d-----w- c:\users\Lindsay\AppData\Roaming\ZoomBrowser EX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 08:12 . 2012-04-14 02:26 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 08:12 . 2012-02-04 22:08 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:12]
.
2012-10-03 c:\windows\Tasks\Sophos Patch Feed.job
- c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
.
2012-10-02 c:\windows\Tasks\Sophos Patch Purge.job
- c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^HJ^xdm003^S03103^us&ptb=6F2055D6-ADB1-4FDC-94C0-8138DA23D0F4&si=CNu90_qf17ICFURxQgodmgQAmg
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: jcatsdefender.com\caaoc
Trusted Zone: jcatsdefender.com\traincaaoc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=6F2055D6-ADB1-4FDC-94C0-8138DA23D0F4&n=77ee1931&p2=^HJ^xdm003^S03103^us&si=CNu90_qf17ICFURxQgodmgQAmg
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6F2055D6-ADB1-4FDC-94C0-8138DA23D0F4&n=77ee1931&ind=2012092721&p2=^HJ^xdm003^S03103^us&si=CNu90_qf17ICFURxQgodmgQAmg&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
SafeBoot-87603829.sys
SafeBoot-97633125.sys
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-02 22:49:47
ComboFix-quarantined-files.txt 2012-10-03 05:49
.
Pre-Run: 483,970,039,808 bytes free
Post-Run: 483,648,933,888 bytes free
.
- - End Of File - - 8A6C44313B76E2697892FE53DAB667DE
 
Just noticed I'm now getting this message a lot from my MBM anti-malware program while posting in this forum:

Successfully blocked access to a potentially malicious website: 199.21.14.88

Type: outgoing
Port: 51868, Process: svchost.exe
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
22:35:09.0026 8872 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:35:09.0476 8872 ============================================================
22:35:09.0476 8872 Current date / time: 2012/10/03 22:35:09.0476
22:35:09.0476 8872 SystemInfo:
22:35:09.0476 8872
22:35:09.0476 8872 OS Version: 6.1.7600 ServicePack: 0.0
22:35:09.0476 8872 Product type: Workstation
22:35:09.0476 8872 ComputerName: LINDSAY-PC
22:35:09.0476 8872 UserName: Admin
22:35:09.0476 8872 Windows directory: C:\Windows
22:35:09.0476 8872 System windows directory: C:\Windows
22:35:09.0476 8872 Running under WOW64
22:35:09.0476 8872 Processor architecture: Intel x64
22:35:09.0476 8872 Number of processors: 4
22:35:09.0476 8872 Page size: 0x1000
22:35:09.0476 8872 Boot type: Normal boot
22:35:09.0476 8872 ============================================================
22:35:13.0066 8872 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:35:13.0076 8872 ============================================================
22:35:13.0076 8872 \Device\Harddisk0\DR0:
22:35:13.0076 8872 MBR partitions:
22:35:13.0076 8872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:35:13.0076 8872 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
22:35:13.0076 8872 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
22:35:13.0076 8872 ============================================================
22:35:13.0096 8872 C: <-> \Device\Harddisk0\DR0\Partition3
22:35:13.0136 8872 D: <-> \Device\Harddisk0\DR0\Partition2
22:35:13.0136 8872 ============================================================
22:35:13.0136 8872 Initialize success
22:35:13.0136 8872 ============================================================
22:35:15.0466 9492 ============================================================
22:35:15.0466 9492 Scan started
22:35:15.0466 9492 Mode: Manual;
22:35:15.0466 9492 ============================================================
22:35:22.0256 9492 ================ Scan system memory ========================
22:35:22.0256 9492 System memory - ok
22:35:22.0256 9492 ================ Scan services =============================
22:35:22.0456 9492 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:35:22.0526 9492 !SASCORE - ok
22:35:22.0736 9492 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:35:22.0746 9492 1394ohci - ok
22:35:22.0776 9492 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:35:22.0776 9492 ACPI - ok
22:35:22.0816 9492 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:35:22.0816 9492 AcpiPmi - ok
22:35:22.0936 9492 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:35:22.0956 9492 AdobeFlashPlayerUpdateSvc - ok
22:35:22.0986 9492 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:35:22.0996 9492 adp94xx - ok
22:35:23.0036 9492 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:35:23.0036 9492 adpahci - ok
22:35:23.0056 9492 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:35:23.0056 9492 adpu320 - ok
22:35:23.0106 9492 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:35:23.0116 9492 AeLookupSvc - ok
22:35:23.0176 9492 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
22:35:23.0186 9492 AFD - ok
22:35:23.0216 9492 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:35:23.0216 9492 agp440 - ok
22:35:23.0246 9492 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:35:24.0526 9492 ALG - ok
22:35:24.0546 9492 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:35:24.0546 9492 aliide - ok
22:35:24.0556 9492 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:35:24.0556 9492 amdide - ok
22:35:24.0576 9492 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:35:24.0586 9492 AmdK8 - ok
22:35:24.0616 9492 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:35:24.0616 9492 AmdPPM - ok
22:35:24.0636 9492 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
22:35:24.0636 9492 amdsata - ok
22:35:24.0646 9492 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:35:24.0656 9492 amdsbs - ok
22:35:24.0666 9492 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
22:35:24.0666 9492 amdxata - ok
22:35:24.0726 9492 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:35:24.0746 9492 AppID - ok
22:35:24.0776 9492 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:35:24.0776 9492 AppIDSvc - ok
22:35:24.0796 9492 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:35:24.0796 9492 Appinfo - ok
22:35:24.0906 9492 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:35:24.0916 9492 Apple Mobile Device - ok
22:35:24.0956 9492 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:35:24.0966 9492 AppMgmt - ok
22:35:24.0986 9492 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:35:24.0986 9492 arc - ok
22:35:25.0006 9492 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:35:25.0006 9492 arcsas - ok
22:35:25.0026 9492 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:35:25.0026 9492 AsyncMac - ok
22:35:25.0036 9492 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:35:25.0036 9492 atapi - ok
22:35:25.0146 9492 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:35:25.0206 9492 atikmdag - ok
22:35:25.0246 9492 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:35:25.0256 9492 AudioEndpointBuilder - ok
22:35:25.0266 9492 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:35:25.0266 9492 AudioSrv - ok
22:35:25.0296 9492 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:35:25.0296 9492 AxInstSV - ok
22:35:25.0316 9492 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:35:25.0326 9492 b06bdrv - ok
22:35:25.0356 9492 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:35:25.0356 9492 b57nd60a - ok
22:35:25.0396 9492 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:35:25.0396 9492 BDESVC - ok
22:35:25.0416 9492 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:35:25.0416 9492 Beep - ok
22:35:25.0446 9492 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:35:25.0446 9492 BFE - ok
22:35:25.0516 9492 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
22:35:25.0526 9492 BITS - ok
22:35:25.0566 9492 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:35:25.0576 9492 blbdrive - ok
22:35:25.0686 9492 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
22:35:25.0686 9492 Bonjour Service - ok
22:35:25.0896 9492 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:35:25.0896 9492 bowser - ok
22:35:25.0946 9492 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:35:25.0946 9492 BrFiltLo - ok
22:35:25.0956 9492 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:35:25.0956 9492 BrFiltUp - ok
22:35:25.0966 9492 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:35:25.0966 9492 BridgeMP - ok
22:35:25.0986 9492 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
22:35:25.0986 9492 Browser - ok
22:35:26.0006 9492 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:35:26.0006 9492 Brserid - ok
22:35:26.0026 9492 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:35:26.0026 9492 BrSerWdm - ok
22:35:26.0026 9492 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:35:26.0026 9492 BrUsbMdm - ok
22:35:26.0036 9492 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:35:26.0036 9492 BrUsbSer - ok
22:35:26.0056 9492 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:35:26.0056 9492 BTHMODEM - ok
22:35:26.0076 9492 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:35:26.0076 9492 bthserv - ok
22:35:26.0086 9492 catchme - ok
22:35:26.0106 9492 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:35:26.0106 9492 cdfs - ok
22:35:26.0126 9492 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:35:26.0126 9492 cdrom - ok
22:35:26.0156 9492 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:35:26.0156 9492 CertPropSvc - ok
22:35:26.0156 9492 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:35:26.0156 9492 circlass - ok
22:35:26.0176 9492 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:35:26.0176 9492 CLFS - ok
22:35:26.0236 9492 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:35:26.0246 9492 clr_optimization_v2.0.50727_32 - ok
22:35:26.0296 9492 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:35:26.0306 9492 clr_optimization_v2.0.50727_64 - ok
22:35:26.0306 9492 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:35:26.0306 9492 CmBatt - ok
22:35:26.0346 9492 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:35:26.0356 9492 cmdide - ok
22:35:26.0376 9492 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
22:35:26.0386 9492 CNG - ok
22:35:26.0386 9492 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:35:26.0386 9492 Compbatt - ok
22:35:26.0426 9492 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:35:26.0436 9492 CompositeBus - ok
22:35:26.0436 9492 COMSysApp - ok
22:35:26.0456 9492 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
22:35:26.0466 9492 cpuz134 - ok
22:35:26.0466 9492 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:35:26.0466 9492 crcdisk - ok
22:35:26.0536 9492 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:35:26.0556 9492 CryptSvc - ok
22:35:26.0576 9492 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
22:35:26.0576 9492 CSC - ok
22:35:26.0606 9492 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
22:35:26.0616 9492 CscService - ok
22:35:26.0636 9492 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:35:26.0646 9492 DcomLaunch - ok
22:35:26.0686 9492 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:35:26.0686 9492 defragsvc - ok
22:35:26.0706 9492 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:35:26.0706 9492 DfsC - ok
22:35:26.0726 9492 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:35:26.0736 9492 Dhcp - ok
22:35:26.0746 9492 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:35:26.0746 9492 discache - ok
22:35:26.0756 9492 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:35:26.0756 9492 Disk - ok
22:35:26.0776 9492 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:35:26.0776 9492 Dnscache - ok
22:35:26.0806 9492 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:35:26.0806 9492 dot3svc - ok
22:35:26.0816 9492 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:35:26.0816 9492 DPS - ok
22:35:26.0856 9492 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:35:26.0856 9492 drmkaud - ok
22:35:26.0916 9492 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:35:26.0936 9492 DXGKrnl - ok
22:35:26.0976 9492 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:35:26.0976 9492 EapHost - ok
22:35:27.0196 9492 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:35:27.0236 9492 ebdrv - ok
22:35:27.0306 9492 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
22:35:27.0316 9492 EFS - ok
22:35:27.0476 9492 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:35:27.0486 9492 ehRecvr - ok
22:35:27.0516 9492 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:35:27.0516 9492 ehSched - ok
22:35:27.0646 9492 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:35:27.0746 9492 elxstor - ok
22:35:27.0926 9492 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
22:35:27.0936 9492 EPSON_EB_RPCV4_01 - ok
22:35:27.0966 9492 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
22:35:27.0986 9492 EPSON_PM_RPCV4_01 - ok
22:35:27.0996 9492 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:35:28.0016 9492 ErrDev - ok
22:35:28.0086 9492 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:35:28.0096 9492 EventSystem - ok
22:35:28.0146 9492 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:35:28.0156 9492 exfat - ok
22:35:28.0186 9492 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:35:28.0196 9492 fastfat - ok
22:35:28.0346 9492 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:35:28.0356 9492 Fax - ok
22:35:28.0376 9492 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:35:28.0386 9492 fdc - ok
22:35:28.0406 9492 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:35:28.0416 9492 fdPHost - ok
22:35:28.0436 9492 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:35:28.0456 9492 FDResPub - ok
22:35:28.0476 9492 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:35:28.0486 9492 FileInfo - ok
22:35:28.0506 9492 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:35:28.0526 9492 Filetrace - ok
22:35:28.0706 9492 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:35:28.0706 9492 FLEXnet Licensing Service - ok
22:35:28.0726 9492 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:35:28.0736 9492 flpydisk - ok
22:35:28.0806 9492 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:35:28.0816 9492 FltMgr - ok
22:35:28.0996 9492 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
22:35:29.0016 9492 FontCache - ok
22:35:29.0086 9492 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:35:29.0086 9492 FontCache3.0.0.0 - ok
22:35:29.0106 9492 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:35:29.0116 9492 FsDepends - ok
22:35:29.0156 9492 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:35:29.0156 9492 Fs_Rec - ok
22:35:29.0226 9492 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:35:29.0236 9492 fvevol - ok
22:35:29.0286 9492 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:35:29.0286 9492 gagp30kx - ok
22:35:29.0356 9492 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:35:29.0366 9492 GEARAspiWDM - ok
22:35:29.0516 9492 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:35:29.0526 9492 gpsvc - ok
22:35:29.0546 9492 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:35:29.0546 9492 hcw85cir - ok
22:35:29.0626 9492 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:35:29.0626 9492 HdAudAddService - ok
22:35:29.0666 9492 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:35:29.0666 9492 HDAudBus - ok
22:35:29.0686 9492 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:35:29.0696 9492 HidBatt - ok
22:35:29.0716 9492 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:35:29.0726 9492 HidBth - ok
22:35:29.0746 9492 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:35:29.0746 9492 HidIr - ok
22:35:29.0756 9492 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:35:29.0766 9492 hidserv - ok
22:35:29.0846 9492 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:35:29.0846 9492 HidUsb - ok
22:35:29.0876 9492 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:35:29.0886 9492 hkmsvc - ok
22:35:29.0926 9492 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:35:29.0946 9492 HomeGroupListener - ok
22:35:30.0026 9492 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:35:30.0036 9492 HomeGroupProvider - ok
22:35:30.0056 9492 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:35:30.0066 9492 HpSAMD - ok
22:35:30.0166 9492 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:35:30.0176 9492 HTTP - ok
22:35:30.0196 9492 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:35:30.0196 9492 hwpolicy - ok
22:35:30.0246 9492 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:35:30.0266 9492 i8042prt - ok
22:35:30.0336 9492 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
22:35:30.0346 9492 iaStorV - ok
22:35:30.0446 9492 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:35:30.0456 9492 IDriverT - ok
22:35:30.0536 9492 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:35:30.0556 9492 idsvc - ok
22:35:30.0576 9492 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:35:30.0576 9492 iirsp - ok
22:35:30.0736 9492 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:35:30.0766 9492 IKEEXT - ok
22:35:30.0816 9492 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:35:30.0816 9492 intelide - ok
22:35:30.0846 9492 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:35:30.0846 9492 intelppm - ok
22:35:30.0866 9492 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:35:30.0876 9492 IPBusEnum - ok
22:35:30.0916 9492 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:35:30.0926 9492 IpFilterDriver - ok
22:35:31.0006 9492 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:35:31.0026 9492 iphlpsvc - ok
22:35:31.0046 9492 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:35:31.0056 9492 IPMIDRV - ok
22:35:31.0086 9492 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:35:31.0086 9492 IPNAT - ok
22:35:31.0176 9492 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:35:31.0186 9492 iPod Service - ok
22:35:31.0226 9492 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:35:31.0226 9492 IRENUM - ok
22:35:31.0256 9492 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:35:31.0256 9492 isapnp - ok
22:35:31.0276 9492 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:35:31.0286 9492 iScsiPrt - ok
22:35:31.0296 9492 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:35:31.0296 9492 kbdclass - ok
22:35:31.0336 9492 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:35:31.0336 9492 kbdhid - ok
22:35:31.0346 9492 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
22:35:31.0346 9492 KeyIso - ok
22:35:31.0366 9492 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:35:31.0366 9492 KSecDD - ok
22:35:31.0436 9492 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:35:31.0446 9492 KSecPkg - ok
22:35:31.0466 9492 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:35:31.0466 9492 ksthunk - ok
22:35:31.0516 9492 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:35:31.0516 9492 KtmRm - ok
22:35:31.0546 9492 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
22:35:31.0546 9492 L1E - ok
22:35:31.0576 9492 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:35:31.0586 9492 LanmanServer - ok
22:35:31.0616 9492 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:35:31.0636 9492 LanmanWorkstation - ok
22:35:31.0656 9492 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:35:31.0656 9492 lltdio - ok
22:35:31.0686 9492 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:35:31.0696 9492 lltdsvc - ok
22:35:31.0736 9492 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:35:31.0746 9492 lmhosts - ok
22:35:31.0786 9492 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:35:31.0786 9492 LSI_FC - ok
22:35:31.0806 9492 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:35:31.0806 9492 LSI_SAS - ok
22:35:31.0806 9492 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:35:31.0816 9492 LSI_SAS2 - ok
22:35:31.0816 9492 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:35:31.0816 9492 LSI_SCSI - ok
22:35:31.0836 9492 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:35:31.0836 9492 luafv - ok
22:35:31.0866 9492 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:35:31.0866 9492 MBAMProtector - ok
22:35:31.0916 9492 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:35:31.0916 9492 MBAMScheduler - ok
22:35:31.0936 9492 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:35:31.0946 9492 MBAMService - ok
22:35:31.0976 9492 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:35:31.0976 9492 Mcx2Svc - ok
22:35:31.0996 9492 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:35:31.0996 9492 megasas - ok
22:35:32.0006 9492 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:35:32.0016 9492 MegaSR - ok
22:35:32.0066 9492 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:35:32.0086 9492 Microsoft Office Groove Audit Service - ok
22:35:32.0106 9492 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:35:32.0106 9492 MMCSS - ok
22:35:32.0136 9492 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:35:32.0136 9492 Modem - ok
22:35:32.0166 9492 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:35:32.0166 9492 monitor - ok
22:35:32.0196 9492 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:35:32.0196 9492 mouclass - ok
22:35:32.0196 9492 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:35:32.0196 9492 mouhid - ok
22:35:32.0216 9492 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:35:32.0216 9492 mountmgr - ok
22:35:32.0236 9492 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:35:32.0236 9492 mpio - ok
22:35:32.0266 9492 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:35:32.0266 9492 mpsdrv - ok
22:35:32.0286 9492 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:35:32.0296 9492 MpsSvc - ok
22:35:32.0326 9492 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys
22:35:32.0326 9492 MQAC - ok
22:35:32.0356 9492 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:35:32.0366 9492 MRxDAV - ok
22:35:32.0406 9492 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:35:32.0436 9492 mrxsmb - ok
22:35:32.0466 9492 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:35:32.0466 9492 mrxsmb10 - ok
22:35:32.0486 9492 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:35:32.0486 9492 mrxsmb20 - ok
22:35:32.0496 9492 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:35:32.0506 9492 msahci - ok
22:35:32.0516 9492 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:35:32.0516 9492 msdsm - ok
22:35:32.0546 9492 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:35:32.0546 9492 MSDTC - ok
22:35:32.0566 9492 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:35:32.0566 9492 Msfs - ok
22:35:32.0576 9492 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:35:32.0576 9492 mshidkmdf - ok
22:35:32.0586 9492 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:35:32.0586 9492 msisadrv - ok
22:35:32.0626 9492 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:35:32.0626 9492 MSiSCSI - ok
22:35:32.0626 9492 msiserver - ok
22:35:32.0666 9492 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:35:32.0666 9492 MSKSSRV - ok
22:35:32.0676 9492 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe
22:35:32.0676 9492 MSMQ - ok
22:35:32.0686 9492 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:35:32.0686 9492 MSPCLOCK - ok
22:35:32.0696 9492 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:35:32.0696 9492 MSPQM - ok
22:35:32.0716 9492 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:35:32.0716 9492 MsRPC - ok
22:35:32.0746 9492 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:35:32.0746 9492 mssmbios - ok
22:35:33.0086 9492 MSSQL$SOPHOS - ok
22:35:33.0276 9492 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:35:33.0376 9492 MSSQLServerADHelper100 - ok
22:35:33.0396 9492 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:35:33.0396 9492 MSTEE - ok
22:35:33.0406 9492 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:35:33.0406 9492 MTConfig - ok
22:35:33.0426 9492 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:35:33.0426 9492 Mup - ok
22:35:33.0466 9492 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:35:33.0476 9492 napagent - ok
22:35:33.0516 9492 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:35:33.0526 9492 NativeWifiP - ok
22:35:33.0566 9492 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:35:33.0576 9492 NDIS - ok
22:35:33.0586 9492 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:35:33.0586 9492 NdisCap - ok
22:35:33.0596 9492 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:35:33.0606 9492 NdisTapi - ok
22:35:33.0616 9492 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:35:33.0616 9492 Ndisuio - ok
22:35:33.0626 9492 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:35:33.0636 9492 NdisWan - ok
22:35:33.0646 9492 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:35:33.0646 9492 NDProxy - ok
22:35:33.0656 9492 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:35:33.0656 9492 NetBIOS - ok
22:35:33.0676 9492 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:35:33.0676 9492 NetBT - ok
22:35:33.0686 9492 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:35:33.0686 9492 Netlogon - ok
22:35:33.0696 9492 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:35:33.0696 9492 Netman - ok
22:35:33.0716 9492 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:35:33.0726 9492 netprofm - ok
22:35:33.0746 9492 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:35:33.0746 9492 NetTcpPortSharing - ok
22:35:33.0756 9492 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:35:33.0766 9492 nfrd960 - ok
22:35:33.0776 9492 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:35:33.0776 9492 NlaSvc - ok
22:35:33.0786 9492 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:35:33.0786 9492 Npfs - ok
22:35:33.0796 9492 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:35:33.0796 9492 nsi - ok
22:35:33.0806 9492 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:35:33.0806 9492 nsiproxy - ok
22:35:33.0866 9492 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:35:33.0886 9492 Ntfs - ok
22:35:33.0896 9492 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:35:33.0896 9492 Null - ok
22:35:33.0926 9492 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
22:35:33.0926 9492 nvraid - ok
22:35:33.0946 9492 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
22:35:33.0946 9492 nvstor - ok
22:35:33.0956 9492 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:35:33.0956 9492 nv_agp - ok
22:35:34.0026 9492 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:35:34.0036 9492 odserv - ok
22:35:34.0046 9492 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:35:34.0056 9492 ohci1394 - ok
22:35:34.0096 9492 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:35:34.0106 9492 ose - ok
22:35:34.0146 9492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:35:34.0146 9492 p2pimsvc - ok
22:35:34.0176 9492 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:35:34.0186 9492 p2psvc - ok
22:35:34.0216 9492 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:35:34.0216 9492 Parport - ok
22:35:34.0236 9492 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:35:34.0246 9492 partmgr - ok
22:35:34.0256 9492 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:35:34.0256 9492 PcaSvc - ok
22:35:34.0266 9492 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:35:34.0276 9492 pci - ok
22:35:34.0286 9492 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:35:34.0286 9492 pciide - ok
22:35:34.0296 9492 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:35:34.0306 9492 pcmcia - ok
22:35:34.0316 9492 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:35:34.0316 9492 pcw - ok
22:35:34.0336 9492 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:35:34.0346 9492 PEAUTH - ok
22:35:34.0376 9492 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:35:34.0396 9492 PeerDistSvc - ok
22:35:34.0496 9492 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:35:34.0506 9492 PerfHost - ok
22:35:34.0566 9492 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:35:34.0576 9492 pla - ok
22:35:34.0616 9492 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:35:34.0626 9492 PlugPlay - ok
22:35:34.0656 9492 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:35:34.0676 9492 PNRPAutoReg - ok
22:35:34.0676 9492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:35:34.0686 9492 PNRPsvc - ok
22:35:34.0776 9492 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:35:34.0786 9492 PolicyAgent - ok
22:35:34.0876 9492 postgresql-8.4 - ok
22:35:34.0906 9492 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:35:34.0906 9492 Power - ok
22:35:34.0936 9492 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:35:34.0936 9492 PptpMiniport - ok
22:35:34.0946 9492 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:35:34.0946 9492 Processor - ok
22:35:34.0956 9492 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
22:35:34.0956 9492 ProfSvc - ok
22:35:34.0986 9492 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:35:34.0986 9492 ProtectedStorage - ok
22:35:35.0006 9492 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:35:35.0016 9492 Psched - ok
22:35:35.0056 9492 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:35:35.0076 9492 ql2300 - ok
22:35:35.0106 9492 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:35:35.0106 9492 ql40xx - ok
22:35:35.0116 9492 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:35:35.0116 9492 QWAVE - ok
22:35:35.0146 9492 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:35:35.0146 9492 QWAVEdrv - ok
22:35:35.0156 9492 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:35:35.0156 9492 RasAcd - ok
22:35:35.0186 9492 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:35:35.0186 9492 RasAgileVpn - ok
22:35:35.0196 9492 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:35:35.0196 9492 RasAuto - ok
22:35:35.0206 9492 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:35:35.0216 9492 Rasl2tp - ok
22:35:35.0226 9492 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:35:35.0226 9492 RasMan - ok
22:35:35.0256 9492 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:35:35.0266 9492 RasPppoe - ok
22:35:35.0296 9492 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:35:35.0296 9492 RasSstp - ok
22:35:35.0316 9492 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:35:35.0316 9492 rdbss - ok
22:35:35.0326 9492 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:35:35.0326 9492 rdpbus - ok
22:35:35.0336 9492 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:35:35.0336 9492 RDPCDD - ok
22:35:35.0356 9492 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:35:35.0356 9492 RDPDR - ok
22:35:35.0376 9492 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:35:35.0376 9492 RDPENCDD - ok
22:35:35.0386 9492 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:35:35.0386 9492 RDPREFMP - ok
22:35:35.0416 9492 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:35:35.0426 9492 RDPWD - ok
22:35:35.0436 9492 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:35:35.0436 9492 rdyboost - ok
22:35:35.0496 9492 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
22:35:35.0496 9492 Realtek11nSU - ok
22:35:35.0526 9492 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:35:35.0526 9492 RemoteAccess - ok
22:35:35.0546 9492 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:35:35.0546 9492 RemoteRegistry - ok
22:35:35.0556 9492 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:35:35.0556 9492 RpcEptMapper - ok
22:35:35.0586 9492 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:35:35.0596 9492 RpcLocator - ok
22:35:35.0626 9492 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:35:35.0636 9492 RpcSs - ok
22:35:35.0716 9492 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
22:35:35.0736 9492 RsFx0103 - ok
22:35:35.0766 9492 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:35:35.0766 9492 rspndr - ok
22:35:35.0806 9492 [ F8D53FFD2D4D307A8ABC5278121A9B33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
22:35:35.0816 9492 RTL8192su - ok
22:35:35.0846 9492 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
22:35:35.0856 9492 s3cap - ok
22:35:35.0866 9492 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:35:35.0866 9492 SamSs - ok
22:35:35.0906 9492 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:35:35.0906 9492 SASDIFSV - ok
22:35:35.0936 9492 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:35:35.0936 9492 SASKUTIL - ok
22:35:35.0946 9492 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:35:35.0946 9492 sbp2port - ok
22:35:35.0996 9492 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:35:35.0996 9492 SCardSvr - ok
22:35:36.0026 9492 [ 4B12E2E559641B0F26474BBC6D7CFAFF ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
22:35:36.0026 9492 SCDEmu - ok
22:35:36.0036 9492 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:35:36.0036 9492 scfilter - ok
22:35:36.0106 9492 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:35:36.0116 9492 Schedule - ok
22:35:36.0176 9492 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:35:36.0176 9492 SCPolicySvc - ok
22:35:36.0276 9492 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:35:36.0286 9492 SDRSVC - ok
22:35:36.0306 9492 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:35:36.0306 9492 secdrv - ok
22:35:36.0316 9492 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:35:36.0326 9492 seclogon - ok
22:35:36.0326 9492 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:35:36.0326 9492 SENS - ok
22:35:36.0346 9492 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:35:36.0346 9492 SensrSvc - ok
22:35:36.0356 9492 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:35:36.0356 9492 Serenum - ok
22:35:36.0366 9492 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:35:36.0366 9492 Serial - ok
22:35:36.0376 9492 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:35:36.0376 9492 sermouse - ok
22:35:36.0406 9492 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:35:36.0416 9492 SessionEnv - ok
22:35:36.0436 9492 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:35:36.0436 9492 sffdisk - ok
22:35:36.0446 9492 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:35:36.0446 9492 sffp_mmc - ok
22:35:36.0456 9492 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:35:36.0456 9492 sffp_sd - ok
22:35:36.0466 9492 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:35:36.0466 9492 sfloppy - ok
22:35:36.0516 9492 [ 41264E06A5CB8FF21D4D2FC59CFEE8EC ] SGNBusinessLogicService C:\Program Files (x86)\Sophos\Encryption\BLService.exe
22:35:36.0516 9492 SGNBusinessLogicService - ok
22:35:36.0526 9492 SGN_LogSystem - ok
22:35:36.0576 9492 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:35:36.0576 9492 SharedAccess - ok
22:35:36.0636 9492 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:35:36.0636 9492 ShellHWDetection - ok
22:35:36.0666 9492 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:35:36.0666 9492 SiSRaid2 - ok
22:35:36.0686 9492 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:35:36.0686 9492 SiSRaid4 - ok
22:35:36.0736 9492 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:35:36.0746 9492 Smb - ok
22:35:36.0766 9492 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:35:36.0766 9492 SNMPTRAP - ok
22:35:36.0806 9492 [ 1DD15CBAE4AA7B2F5166D0C2700AEF94 ] Sophos Agent C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
22:35:36.0816 9492 Sophos Agent - ok
22:35:36.0826 9492 [ F55A42C8A2FA52B2EFAB477C015AD24E ] Sophos Certification Manager C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
22:35:36.0826 9492 Sophos Certification Manager - ok
22:35:37.0456 9492 [ AB6E2BF3AD49DDB152A53201DFF42483 ] Sophos Management Service C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
22:35:37.0516 9492 Sophos Management Service - ok
22:35:37.0556 9492 [ 65F816D7534D25623DA909911FF7E7D8 ] Sophos Message Router C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
22:35:37.0566 9492 Sophos Message Router - ok
22:35:37.0626 9492 [ 1BE9D02F57AB179C2FB900E3B3938F41 ] SophosManagementHostService C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe
22:35:37.0626 9492 SophosManagementHostService - ok
22:35:37.0656 9492 [ D0BC85E0D204E42EE54867A8E6EFE7A6 ] SophosPatchEndpointCommunicator C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe
22:35:37.0656 9492 SophosPatchEndpointCommunicator - ok
22:35:37.0676 9492 [ AA87E68657D0AD06C5922A01D01B47FB ] SophosPatchOrchestratorService C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe
22:35:37.0676 9492 SophosPatchOrchestratorService - ok
22:35:37.0696 9492 [ C5816593AC80CA028EBD8A481E70B8DB ] SophosPatchServerCommunicator C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe
22:35:37.0706 9492 SophosPatchServerCommunicator - ok
22:35:37.0716 9492 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:35:37.0726 9492 spldr - ok
22:35:37.0796 9492 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
22:35:37.0806 9492 Spooler - ok
22:35:37.0886 9492 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:35:37.0926 9492 sppsvc - ok
22:35:37.0946 9492 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:35:37.0946 9492 sppuinotify - ok
22:35:38.0046 9492 [ A5609D0178B2FEC118A7F4A24ECD1BFB ] SQLAgent$SOPHOS c:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE
22:35:38.0056 9492 SQLAgent$SOPHOS - ok
22:35:38.0126 9492 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:35:38.0126 9492 SQLBrowser - ok
22:35:38.0146 9492 [ C298D989D717CB153702E397B6D9AAAD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:35:38.0156 9492 SQLWriter - ok
22:35:38.0186 9492 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:35:38.0186 9492 srv - ok
22:35:38.0226 9492 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:35:38.0226 9492 srv2 - ok
22:35:38.0246 9492 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:35:38.0246 9492 srvnet - ok
22:35:38.0266 9492 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:35:38.0276 9492 SSDPSRV - ok
22:35:38.0286 9492 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:35:38.0286 9492 SstpSvc - ok
22:35:38.0306 9492 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:35:38.0306 9492 stexstor - ok
22:35:38.0336 9492 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:35:38.0346 9492 stisvc - ok
22:35:38.0366 9492 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:35:38.0366 9492 storflt - ok
22:35:38.0376 9492 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
22:35:38.0376 9492 storvsc - ok
22:35:38.0386 9492 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:35:38.0386 9492 swenum - ok
22:35:38.0426 9492 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:35:38.0436 9492 swprv - ok
22:35:38.0466 9492 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:35:38.0486 9492 SysMain - ok
22:35:38.0516 9492 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:35:38.0526 9492 TabletInputService - ok
22:35:38.0546 9492 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:35:38.0546 9492 TapiSrv - ok
22:35:38.0566 9492 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:35:38.0566 9492 TBS - ok
22:35:38.0616 9492 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:35:38.0636 9492 Tcpip - ok
22:35:38.0676 9492 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:35:38.0686 9492 TCPIP6 - ok
22:35:38.0716 9492 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:35:38.0716 9492 tcpipreg - ok
22:35:38.0746 9492 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:35:38.0766 9492 TDPIPE - ok
22:35:38.0796 9492 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:35:38.0796 9492 TDTCP - ok
22:35:38.0816 9492 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:35:38.0816 9492 tdx - ok
22:35:38.0836 9492 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:35:38.0836 9492 TermDD - ok
22:35:38.0856 9492 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:35:38.0856 9492 TermService - ok
22:35:38.0876 9492 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:35:38.0876 9492 Themes - ok
22:35:38.0896 9492 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:35:38.0896 9492 THREADORDER - ok
22:35:38.0926 9492 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:35:38.0926 9492 TrkWks - ok
22:35:38.0976 9492 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:35:38.0976 9492 TrustedInstaller - ok
22:35:38.0986 9492 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:35:38.0986 9492 tssecsrv - ok
22:35:39.0016 9492 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:35:39.0026 9492 tunnel - ok
22:35:40.0986 9492 ================ Scan global ===============================
22:35:41.0016 9492 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:35:41.0046 9492 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:35:41.0046 9492 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:35:41.0076 9492 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:35:41.0096 9492 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:35:41.0096 9492 [Global] - ok
22:35:41.0096 9492 ================ Scan MBR ==================================
22:35:41.0136 9492 [ 0F84F2562620C40D8A3E1908C8075675 ] \Device\Harddisk0\DR0
22:35:41.0136 9492 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:35:41.0176 9492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:35:41.0176 9492 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:35:41.0176 9492 ================ Scan VBR ==================================
22:35:41.0176 9492 [ B500B05005FFF3872CC13A7D176C531B ] \Device\Harddisk0\DR0\Partition1
22:35:41.0176 9492 \Device\Harddisk0\DR0\Partition1 - ok
22:35:41.0186 9492 [ 359DFC2FEAD303787C79170B040CE9DD ] \Device\Harddisk0\DR0\Partition2
22:35:41.0186 9492 \Device\Harddisk0\DR0\Partition2 - ok
22:35:41.0196 9492 [ 1DCD00F7961C9059EFBD44E74902AD78 ] \Device\Harddisk0\DR0\Partition3
22:35:41.0196 9492 \Device\Harddisk0\DR0\Partition3 - ok
22:35:41.0196 9492 ============================================================
22:35:41.0196 9492 Scan finished
22:35:41.0196 9492 ============================================================
22:35:41.0206 7336 Detected object count: 1
22:35:41.0206 7336 Actual detected object count: 1
22:35:48.0316 7336 \Device\Harddisk0\DR0\# - copied to quarantine
22:35:48.0386 7336 \Device\Harddisk0\DR0 - copied to quarantine
22:35:48.0406 7336 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:35:48.0406 7336 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:35:48.0416 7336 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:35:48.0416 7336 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:35:48.0426 7336 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:35:48.0426 7336 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:35:48.0476 7336 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:35:48.0496 7336 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:35:48.0506 7336 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:35:48.0526 7336 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:35:48.0546 7336 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:35:48.0556 7336 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:35:48.0626 7336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:35:48.0636 7336 \Device\Harddisk0\DR0 - ok
22:35:54.0216 7336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:36:00.0716 10452 Deinitialize success
 
22:39:03.0129 3988 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:39:03.0721 3988 ============================================================
22:39:03.0721 3988 Current date / time: 2012/10/03 22:39:03.0721
22:39:03.0721 3988 SystemInfo:
22:39:03.0721 3988
22:39:03.0721 3988 OS Version: 6.1.7600 ServicePack: 0.0
22:39:03.0721 3988 Product type: Workstation
22:39:03.0721 3988 ComputerName: LINDSAY-PC
22:39:03.0721 3988 UserName: Admin
22:39:03.0721 3988 Windows directory: C:\Windows
22:39:03.0721 3988 System windows directory: C:\Windows
22:39:03.0721 3988 Running under WOW64
22:39:03.0721 3988 Processor architecture: Intel x64
22:39:03.0721 3988 Number of processors: 4
22:39:03.0721 3988 Page size: 0x1000
22:39:03.0721 3988 Boot type: Normal boot
22:39:03.0721 3988 ============================================================
22:39:08.0308 3988 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:39:08.0339 3988 ============================================================
22:39:08.0339 3988 \Device\Harddisk0\DR0:
22:39:08.0370 3988 MBR partitions:
22:39:08.0370 3988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:39:08.0370 3988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
22:39:08.0370 3988 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
22:39:08.0370 3988 ============================================================
22:39:08.0464 3988 C: <-> \Device\Harddisk0\DR0\Partition3
22:39:08.0542 3988 D: <-> \Device\Harddisk0\DR0\Partition2
22:39:08.0542 3988 ============================================================
22:39:08.0542 3988 Initialize success
22:39:08.0542 3988 ============================================================
 
Same message:

Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website: 78.41.203.120

Type: outgoing
Port: 50230, Process: svchost.exe
 
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.04.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Admin :: LINDSAY-PC [administrator]

Protection: Enabled

10/4/2012 12:26:55 PM
mbam-log-2012-10-04 (12-26-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247249
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

12:26:32.0240 1424 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:26:34.0253 1424 ============================================================
12:26:34.0253 1424 Current date / time: 2012/10/04 12:26:34.0253
12:26:34.0253 1424 SystemInfo:
12:26:34.0253 1424
12:26:34.0253 1424 OS Version: 6.1.7600 ServicePack: 0.0
12:26:34.0253 1424 Product type: Workstation
12:26:34.0253 1424 ComputerName: LINDSAY-PC
12:26:37.0446 1424 UserName: Admin
12:26:37.0446 1424 Windows directory: C:\Windows
12:26:37.0446 1424 System windows directory: C:\Windows
12:26:37.0446 1424 Running under WOW64
12:26:37.0446 1424 Processor architecture: Intel x64
12:26:37.0446 1424 Number of processors: 4
12:26:37.0446 1424 Page size: 0x1000
12:26:37.0446 1424 Boot type: Normal boot
12:26:37.0446 1424 ============================================================
12:26:39.0115 1424 BG loaded
12:26:39.0848 1424 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:26:39.0848 1424 ============================================================
12:26:39.0848 1424 \Device\Harddisk0\DR0:
12:26:39.0864 1424 MBR partitions:
12:26:39.0864 1424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:26:39.0864 1424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
12:26:39.0864 1424 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
12:26:39.0864 1424 ============================================================
12:26:39.0910 1424 C: <-> \Device\Harddisk0\DR0\Partition3
12:26:40.0004 1424 D: <-> \Device\Harddisk0\DR0\Partition2
12:26:40.0004 1424 ============================================================
12:26:40.0004 1424 Initialize success
12:26:40.0004 1424 ============================================================
12:26:45.0667 1504 Deinitialize success
 
12:49:07.0154 4112 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:49:07.0574 4112 ============================================================
12:49:07.0574 4112 Current date / time: 2012/09/27 12:49:07.0574
12:49:07.0574 4112 SystemInfo:
12:49:07.0574 4112
12:49:07.0574 4112 OS Version: 6.1.7600 ServicePack: 0.0
12:49:07.0574 4112 Product type: Workstation
12:49:07.0574 4112 ComputerName: LINDSAY-PC
12:49:07.0574 4112 UserName: Admin
12:49:07.0574 4112 Windows directory: C:\Windows
12:49:07.0574 4112 System windows directory: C:\Windows
12:49:07.0574 4112 Running under WOW64
12:49:07.0574 4112 Processor architecture: Intel x64
12:49:07.0574 4112 Number of processors: 4
12:49:07.0574 4112 Page size: 0x1000
12:49:07.0574 4112 Boot type: Normal boot
12:49:07.0574 4112 ============================================================
12:49:08.0354 4112 BG loaded
12:49:08.0574 4112 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:49:08.0584 4112 ============================================================
12:49:08.0584 4112 \Device\Harddisk0\DR0:
12:49:08.0584 4112 MBR partitions:
12:49:08.0584 4112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:49:08.0584 4112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
12:49:08.0584 4112 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
12:49:08.0584 4112 ============================================================
12:49:08.0604 4112 C: <-> \Device\Harddisk0\DR0\Partition3
12:49:08.0644 4112 D: <-> \Device\Harddisk0\DR0\Partition2
12:49:08.0644 4112 ============================================================
12:49:08.0644 4112 Initialize success
12:49:08.0644 4112 ============================================================
12:49:10.0034 2168 ============================================================
12:49:10.0034 2168 Scan started
12:49:10.0034 2168 Mode: Manual;
12:49:10.0034 2168 ============================================================
12:49:11.0464 2168 ================ Scan system memory ========================
12:49:11.0464 2168 System memory - ok
12:49:11.0464 2168 ================ Scan services =============================
12:49:15.0354 2168 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:49:15.0354 2168 i8042prt - ok
12:49:15.0374 2168 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
12:49:15.0374 2168 iaStorV - ok
12:49:15.0464 2168 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:49:15.0484 2168 IDriverT - ok
12:49:15.0544 2168 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:49:15.0554 2168 idsvc - ok
12:49:15.0574 2168 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:49:15.0574 2168 iirsp - ok
12:49:15.0614 2168 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
12:49:15.0614 2168 IKEEXT - ok
12:49:15.0634 2168 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
12:49:15.0634 2168 intelide - ok
12:49:15.0654 2168 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:49:15.0654 2168 intelppm - ok
12:49:15.0664 2168 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:49:15.0664 2168 IPBusEnum - ok
12:49:15.0684 2168 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:49:15.0684 2168 IpFilterDriver - ok
12:49:15.0704 2168 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:49:15.0704 2168 IPMIDRV - ok
12:49:15.0724 2168 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:49:15.0724 2168 IPNAT - ok
12:49:15.0844 2168 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:49:15.0854 2168 iPod Service - ok
12:49:15.0874 2168 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:49:15.0874 2168 IRENUM - ok
12:49:15.0884 2168 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
12:49:15.0884 2168 isapnp - ok
12:49:15.0904 2168 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:49:15.0914 2168 iScsiPrt - ok
12:49:15.0944 2168 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:49:15.0944 2168 kbdclass - ok
12:49:15.0964 2168 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:49:15.0964 2168 kbdhid - ok
12:49:15.0984 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
12:49:15.0984 2168 KeyIso - ok
12:49:15.0994 2168 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:49:15.0994 2168 KSecDD - ok
12:49:16.0014 2168 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:49:16.0024 2168 KSecPkg - ok
12:49:16.0044 2168 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:49:16.0044 2168 ksthunk - ok
12:49:16.0054 2168 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:49:16.0054 2168 KtmRm - ok
12:49:16.0074 2168 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
12:49:16.0074 2168 L1E - ok
12:49:16.0094 2168 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:49:16.0094 2168 LanmanServer - ok
12:49:16.0124 2168 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:49:16.0124 2168 LanmanWorkstation - ok
12:49:16.0144 2168 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:49:16.0144 2168 lltdio - ok
12:49:16.0164 2168 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:49:16.0164 2168 lltdsvc - ok
12:49:16.0204 2168 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:49:16.0204 2168 lmhosts - ok
12:49:16.0224 2168 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:49:16.0224 2168 LSI_FC - ok
12:49:16.0234 2168 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:49:16.0234 2168 LSI_SAS - ok
12:49:16.0244 2168 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:49:16.0244 2168 LSI_SAS2 - ok
12:49:16.0264 2168 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:49:16.0264 2168 LSI_SCSI - ok
12:49:16.0294 2168 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:49:16.0294 2168 luafv - ok
12:49:16.0334 2168 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:49:16.0334 2168 MBAMProtector - ok
12:49:16.0384 2168 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:49:16.0384 2168 MBAMScheduler - ok
12:49:16.0414 2168 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:49:16.0424 2168 MBAMService - ok
12:49:16.0454 2168 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:49:16.0454 2168 Mcx2Svc - ok
12:49:16.0464 2168 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:49:16.0464 2168 megasas - ok
12:49:16.0524 2168 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:49:16.0524 2168 MegaSR - ok
12:49:16.0584 2168 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:49:16.0594 2168 Microsoft Office Groove Audit Service - ok
12:49:16.0614 2168 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:49:16.0614 2168 MMCSS - ok
12:49:16.0654 2168 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:49:16.0654 2168 Modem - ok
12:49:16.0664 2168 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:49:16.0664 2168 monitor - ok
12:49:16.0684 2168 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:49:16.0684 2168 mouclass - ok
12:49:16.0684 2168 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:49:16.0684 2168 mouhid - ok
12:49:16.0714 2168 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:49:16.0714 2168 mountmgr - ok
12:49:16.0734 2168 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
12:49:16.0744 2168 mpio - ok
12:49:16.0764 2168 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:49:16.0764 2168 mpsdrv - ok
12:49:16.0794 2168 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys
12:49:16.0794 2168 MQAC - ok
12:49:16.0824 2168 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:49:16.0854 2168 MRxDAV - ok
12:49:16.0954 2168 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:49:16.0964 2168 mrxsmb - ok
12:49:16.0994 2168 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:49:16.0994 2168 mrxsmb10 - ok
12:49:17.0014 2168 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:49:17.0014 2168 mrxsmb20 - ok
12:49:17.0024 2168 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
12:49:17.0024 2168 msahci - ok
12:49:17.0034 2168 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
12:49:17.0034 2168 msdsm - ok
12:49:17.0044 2168 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:49:17.0044 2168 MSDTC - ok
12:49:17.0064 2168 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:49:17.0064 2168 Msfs - ok
12:49:17.0074 2168 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:49:17.0074 2168 mshidkmdf - ok
12:49:17.0084 2168 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
12:49:17.0084 2168 msisadrv - ok
12:49:17.0114 2168 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:49:17.0114 2168 MSiSCSI - ok
12:49:17.0114 2168 msiserver - ok
12:49:17.0144 2168 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:49:17.0144 2168 MSKSSRV - ok
12:49:17.0174 2168 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe
12:49:17.0174 2168 MSMQ - ok
12:49:17.0184 2168 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:49:17.0184 2168 MSPCLOCK - ok
12:49:17.0204 2168 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:49:17.0204 2168 MSPQM - ok
12:49:17.0224 2168 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:49:17.0234 2168 MsRPC - ok
12:49:17.0254 2168 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:49:17.0254 2168 mssmbios - ok
12:49:17.0384 2168 MSSQL$SOPHOS - ok
12:49:17.0484 2168 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:49:17.0484 2168 MSSQLServerADHelper100 - ok
12:49:17.0514 2168 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:49:17.0514 2168 MSTEE - ok
12:49:17.0534 2168 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:49:17.0534 2168 MTConfig - ok
12:49:17.0554 2168 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:49:17.0554 2168 Mup - ok
12:49:17.0584 2168 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
12:49:17.0594 2168 napagent - ok
12:49:17.0644 2168 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:49:17.0644 2168 NativeWifiP - ok
12:49:17.0674 2168 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:49:17.0684 2168 NDIS - ok
12:49:17.0704 2168 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:49:17.0704 2168 NdisCap - ok
12:49:17.0734 2168 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:49:17.0734 2168 NdisTapi - ok
12:49:17.0754 2168 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:49:17.0754 2168 Ndisuio - ok
12:49:17.0764 2168 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:49:17.0764 2168 NdisWan - ok
12:49:17.0774 2168 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:49:17.0784 2168 NDProxy - ok
12:49:17.0794 2168 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:49:17.0794 2168 NetBIOS - ok
12:49:17.0804 2168 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:49:17.0804 2168 NetBT - ok
12:49:17.0824 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
12:49:17.0824 2168 Netlogon - ok
12:49:17.0874 2168 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:49:17.0874 2168 Netman - ok
12:49:17.0894 2168 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:49:17.0904 2168 netprofm - ok
12:49:17.0924 2168 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:49:17.0924 2168 NetTcpPortSharing - ok
12:49:17.0944 2168 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:49:17.0944 2168 nfrd960 - ok
12:49:17.0964 2168 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:49:17.0964 2168 NlaSvc - ok
12:49:17.0974 2168 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:49:17.0974 2168 Npfs - ok
12:49:17.0994 2168 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:49:17.0994 2168 nsi - ok
12:49:18.0004 2168 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:49:18.0004 2168 nsiproxy - ok
12:49:18.0044 2168 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:49:18.0064 2168 Ntfs - ok
12:49:18.0074 2168 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:49:18.0074 2168 Null - ok
12:49:18.0094 2168 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
12:49:18.0094 2168 nvraid - ok
12:49:18.0114 2168 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
12:49:18.0114 2168 nvstor - ok
12:49:18.0124 2168 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
12:49:18.0124 2168 nv_agp - ok
12:49:18.0204 2168 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:49:18.0214 2168 odserv - ok
12:49:18.0224 2168 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:49:18.0224 2168 ohci1394 - ok
12:49:18.0264 2168 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:49:18.0264 2168 ose - ok
12:49:18.0284 2168 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:49:18.0294 2168 p2pimsvc - ok
12:49:18.0334 2168 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:49:18.0334 2168 p2psvc - ok
12:49:18.0344 2168 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:49:18.0344 2168 Parport - ok
12:49:18.0374 2168 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:49:18.0374 2168 partmgr - ok
12:49:18.0394 2168 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:49:18.0394 2168 PcaSvc - ok
12:49:18.0404 2168 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
12:49:18.0404 2168 pci - ok
12:49:18.0424 2168 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
12:49:18.0424 2168 pciide - ok
12:49:18.0434 2168 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:49:18.0434 2168 pcmcia - ok
12:49:18.0454 2168 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:49:18.0454 2168 pcw - ok
12:49:18.0474 2168 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:49:18.0474 2168 PEAUTH - ok
12:49:18.0544 2168 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:49:18.0554 2168 PeerDistSvc - ok
12:49:18.0624 2168 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:49:18.0624 2168 PerfHost - ok
12:49:18.0664 2168 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
12:49:18.0674 2168 pla - ok
12:49:18.0704 2168 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:49:18.0714 2168 PlugPlay - ok
12:49:18.0724 2168 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:49:18.0724 2168 PNRPAutoReg - ok
12:49:18.0734 2168 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
 
12:49:18.0734 2168 PNRPsvc - ok
12:49:18.0764 2168 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:49:18.0764 2168 PolicyAgent - ok
12:49:18.0844 2168 postgresql-8.4 - ok
12:49:18.0874 2168 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:49:18.0874 2168 Power - ok
12:49:18.0894 2168 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:49:18.0904 2168 PptpMiniport - ok
12:49:18.0914 2168 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:49:18.0914 2168 Processor - ok
12:49:18.0934 2168 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
12:49:18.0934 2168 ProfSvc - ok
12:49:18.0954 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:49:18.0954 2168 ProtectedStorage - ok
12:49:18.0974 2168 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:49:18.0984 2168 Psched - ok
12:49:19.0044 2168 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:49:19.0054 2168 ql2300 - ok
12:49:19.0074 2168 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:49:19.0084 2168 ql40xx - ok
12:49:19.0094 2168 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:49:19.0104 2168 QWAVE - ok
12:49:19.0134 2168 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:49:19.0134 2168 QWAVEdrv - ok
12:49:19.0144 2168 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:49:19.0144 2168 RasAcd - ok
12:49:19.0174 2168 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:49:19.0174 2168 RasAgileVpn - ok
12:49:19.0194 2168 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:49:19.0194 2168 RasAuto - ok
12:49:19.0214 2168 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:49:19.0214 2168 Rasl2tp - ok
12:49:19.0224 2168 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
12:49:19.0224 2168 RasMan - ok
12:49:19.0244 2168 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:49:19.0244 2168 RasPppoe - ok
12:49:19.0274 2168 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:49:19.0274 2168 RasSstp - ok
12:49:19.0294 2168 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:49:19.0294 2168 rdbss - ok
12:49:19.0304 2168 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:49:19.0304 2168 rdpbus - ok
12:49:19.0314 2168 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:49:19.0314 2168 RDPCDD - ok
12:49:19.0344 2168 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:49:19.0344 2168 RDPDR - ok
12:49:19.0374 2168 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:49:19.0374 2168 RDPENCDD - ok
12:49:19.0384 2168 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:49:19.0384 2168 RDPREFMP - ok
12:49:19.0414 2168 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:49:19.0414 2168 RDPWD - ok
12:49:19.0424 2168 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:49:19.0434 2168 rdyboost - ok
12:49:19.0484 2168 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
12:49:19.0484 2168 Realtek11nSU - ok
12:49:19.0554 2168 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:49:19.0554 2168 RemoteAccess - ok
12:49:19.0564 2168 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:49:19.0564 2168 RemoteRegistry - ok
12:49:19.0594 2168 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:49:19.0594 2168 RpcEptMapper - ok
12:49:19.0624 2168 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:49:19.0624 2168 RpcLocator - ok
12:49:19.0644 2168 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
12:49:19.0644 2168 RpcSs - ok
12:49:19.0694 2168 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
12:49:19.0704 2168 RsFx0103 - ok
12:49:19.0714 2168 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:49:19.0714 2168 rspndr - ok
12:49:19.0734 2168 [ F8D53FFD2D4D307A8ABC5278121A9B33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
12:49:19.0744 2168 RTL8192su - ok
12:49:19.0764 2168 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
12:49:19.0764 2168 s3cap - ok
12:49:19.0784 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
12:49:19.0784 2168 SamSs - ok
12:49:19.0864 2168 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:49:19.0864 2168 SASDIFSV - ok
12:49:19.0884 2168 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:49:19.0884 2168 SASKUTIL - ok
12:49:19.0894 2168 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
12:49:19.0894 2168 sbp2port - ok
12:49:19.0924 2168 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:49:19.0934 2168 SCardSvr - ok
12:49:19.0954 2168 [ 4B12E2E559641B0F26474BBC6D7CFAFF ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
12:49:19.0964 2168 SCDEmu - ok
12:49:19.0974 2168 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:49:19.0974 2168 scfilter - ok
12:49:20.0014 2168 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
12:49:20.0024 2168 Schedule - ok
12:49:20.0054 2168 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:49:20.0054 2168 SCPolicySvc - ok
12:49:20.0064 2168 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:49:20.0064 2168 SDRSVC - ok
12:49:20.0084 2168 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:49:20.0084 2168 secdrv - ok
12:49:20.0094 2168 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
12:49:20.0104 2168 seclogon - ok
12:49:20.0104 2168 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:49:20.0114 2168 SENS - ok
12:49:20.0114 2168 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:49:20.0114 2168 SensrSvc - ok
12:49:20.0124 2168 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:49:20.0124 2168 Serenum - ok
12:49:20.0134 2168 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:49:20.0134 2168 Serial - ok
12:49:20.0144 2168 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:49:20.0144 2168 sermouse - ok
12:49:20.0174 2168 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
12:49:20.0174 2168 SessionEnv - ok
12:49:20.0194 2168 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
12:49:20.0194 2168 sffdisk - ok
12:49:20.0204 2168 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:49:20.0204 2168 sffp_mmc - ok
12:49:20.0224 2168 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
12:49:20.0224 2168 sffp_sd - ok
12:49:20.0234 2168 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:49:20.0234 2168 sfloppy - ok
12:49:20.0264 2168 [ 41264E06A5CB8FF21D4D2FC59CFEE8EC ] SGNBusinessLogicService C:\Program Files (x86)\Sophos\Encryption\BLService.exe
12:49:20.0264 2168 SGNBusinessLogicService - ok
12:49:20.0274 2168 SGN_LogSystem - ok
12:49:20.0294 2168 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:49:20.0304 2168 SharedAccess - ok
12:49:20.0324 2168 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:49:20.0334 2168 ShellHWDetection - ok
12:49:20.0354 2168 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:49:20.0354 2168 SiSRaid2 - ok
12:49:20.0364 2168 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:49:20.0364 2168 SiSRaid4 - ok
12:49:20.0404 2168 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:49:20.0404 2168 Smb - ok
12:49:20.0434 2168 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:49:20.0434 2168 SNMPTRAP - ok
12:49:20.0594 2168 [ 1DD15CBAE4AA7B2F5166D0C2700AEF94 ] Sophos Agent C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
12:49:20.0594 2168 Sophos Agent - ok
12:49:20.0614 2168 [ F55A42C8A2FA52B2EFAB477C015AD24E ] Sophos Certification Manager C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
12:49:20.0614 2168 Sophos Certification Manager - ok
12:49:20.0734 2168 [ AB6E2BF3AD49DDB152A53201DFF42483 ] Sophos Management Service C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
12:49:20.0784 2168 Sophos Management Service - ok
12:49:20.0834 2168 [ 65F816D7534D25623DA909911FF7E7D8 ] Sophos Message Router C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
12:49:20.0844 2168 Sophos Message Router - ok
12:49:20.0884 2168 [ 1BE9D02F57AB179C2FB900E3B3938F41 ] SophosManagementHostService C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe
12:49:20.0884 2168 SophosManagementHostService - ok
12:49:20.0914 2168 [ D0BC85E0D204E42EE54867A8E6EFE7A6 ] SophosPatchEndpointCommunicator C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe
12:49:20.0914 2168 SophosPatchEndpointCommunicator - ok
12:49:20.0944 2168 [ AA87E68657D0AD06C5922A01D01B47FB ] SophosPatchOrchestratorService C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe
12:49:20.0944 2168 SophosPatchOrchestratorService - ok
12:49:20.0974 2168 [ C5816593AC80CA028EBD8A481E70B8DB ] SophosPatchServerCommunicator C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe
12:49:20.0974 2168 SophosPatchServerCommunicator - ok
12:49:20.0994 2168 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:49:20.0994 2168 spldr - ok
12:49:21.0014 2168 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
12:49:21.0024 2168 Spooler - ok
12:49:21.0094 2168 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
12:49:21.0124 2168 sppsvc - ok
12:49:21.0164 2168 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:49:21.0164 2168 sppuinotify - ok
12:49:21.0254 2168 [ A5609D0178B2FEC118A7F4A24ECD1BFB ] SQLAgent$SOPHOS c:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE
12:49:21.0254 2168 SQLAgent$SOPHOS - ok
12:49:21.0324 2168 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:49:21.0324 2168 SQLBrowser - ok
12:49:21.0364 2168 [ C298D989D717CB153702E397B6D9AAAD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:49:21.0374 2168 SQLWriter - ok
12:49:21.0404 2168 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:49:21.0404 2168 srv - ok
12:49:21.0444 2168 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:49:21.0444 2168 srv2 - ok
12:49:21.0484 2168 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:49:21.0484 2168 srvnet - ok
12:49:21.0504 2168 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:49:21.0514 2168 SSDPSRV - ok
12:49:21.0524 2168 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:49:21.0524 2168 SstpSvc - ok
12:49:21.0544 2168 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:49:21.0544 2168 stexstor - ok
12:49:21.0604 2168 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
12:49:21.0614 2168 stisvc - ok
12:49:21.0624 2168 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
12:49:21.0624 2168 storflt - ok
12:49:21.0644 2168 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
12:49:21.0644 2168 storvsc - ok
12:49:21.0654 2168 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:49:21.0654 2168 swenum - ok
12:49:21.0684 2168 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:49:21.0694 2168 swprv - ok
12:49:21.0734 2168 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
12:49:21.0744 2168 SysMain - ok
12:49:21.0764 2168 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:49:21.0764 2168 TabletInputService - ok
12:49:21.0784 2168 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
12:49:21.0784 2168 TapiSrv - ok
12:49:21.0804 2168 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:49:21.0804 2168 TBS - ok
12:49:21.0854 2168 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:49:21.0874 2168 Tcpip - ok
12:49:21.0904 2168 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:49:21.0914 2168 TCPIP6 - ok
12:49:21.0934 2168 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:49:21.0934 2168 tcpipreg - ok
12:49:21.0944 2168 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:49:21.0944 2168 TDPIPE - ok
12:49:21.0964 2168 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:49:21.0984 2168 TDTCP - ok
12:49:22.0024 2168 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:49:22.0054 2168 tdx - ok
12:49:22.0104 2168 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:49:22.0124 2168 TermDD - ok
12:49:22.0154 2168 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
12:49:22.0164 2168 TermService - ok
12:49:22.0174 2168 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:49:22.0174 2168 Themes - ok
12:49:22.0204 2168 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:49:22.0204 2168 THREADORDER - ok
12:49:22.0214 2168 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:49:22.0214 2168 TrkWks - ok
12:49:22.0264 2168 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:49:22.0274 2168 TrustedInstaller - ok
12:49:22.0274 2168 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:49:22.0274 2168 tssecsrv - ok
12:49:22.0314 2168 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:49:22.0314 2168 tunnel - ok
12:49:22.0324 2168 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:49:22.0334 2168 uagp35 - ok
12:49:22.0354 2168 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:49:22.0354 2168 udfs - ok
12:49:22.0374 2168 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:49:22.0374 2168 UI0Detect - ok
12:49:22.0394 2168 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
12:49:22.0394 2168 uliagpkx - ok
12:49:22.0424 2168 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:49:22.0424 2168 umbus - ok
12:49:22.0464 2168 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:49:22.0464 2168 UmPass - ok
12:49:22.0484 2168 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
12:49:22.0484 2168 UmRdpService - ok
12:49:22.0514 2168 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:49:22.0514 2168 upnphost - ok
12:49:22.0534 2168 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:49:22.0534 2168 USBAAPL64 - ok
12:49:22.0564 2168 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:49:22.0564 2168 usbaudio - ok
12:49:22.0584 2168 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:49:22.0604 2168 usbccgp - ok
12:49:22.0624 2168 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
12:49:22.0624 2168 usbcir - ok
12:49:22.0644 2168 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:49:22.0644 2168 usbehci - ok
12:49:22.0664 2168 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:49:22.0674 2168 usbhub - ok
12:49:22.0684 2168 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:49:22.0684 2168 usbohci - ok
12:49:22.0704 2168 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:49:22.0704 2168 usbprint - ok
12:49:22.0714 2168 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:49:22.0714 2168 usbscan - ok
12:49:22.0734 2168 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:49:22.0734 2168 USBSTOR - ok
12:49:22.0754 2168 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:49:22.0754 2168 usbuhci - ok
12:49:22.0774 2168 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:49:22.0774 2168 UxSms - ok
12:49:22.0794 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
12:49:22.0794 2168 VaultSvc - ok
12:49:22.0814 2168 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
12:49:22.0814 2168 vdrvroot - ok
12:49:22.0844 2168 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
12:49:22.0844 2168 vds - ok
12:49:22.0854 2168 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:49:22.0854 2168 vga - ok
12:49:22.0874 2168 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:49:22.0874 2168 VgaSave - ok
12:49:22.0884 2168 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
12:49:22.0884 2168 vhdmp - ok
12:49:22.0894 2168 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
12:49:22.0894 2168 viaide - ok
12:49:22.0914 2168 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
12:49:22.0914 2168 vmbus - ok
12:49:22.0934 2168 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
12:49:22.0934 2168 VMBusHID - ok
12:49:22.0944 2168 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
12:49:22.0944 2168 volmgr - ok
12:49:22.0964 2168 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:49:22.0974 2168 volmgrx - ok
12:49:22.0994 2168 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
12:49:22.0994 2168 volsnap - ok
12:49:23.0004 2168 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:49:23.0004 2168 vsmraid - ok
12:49:23.0044 2168 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
12:49:23.0054 2168 VSS - ok
12:49:23.0074 2168 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:49:23.0074 2168 vwifibus - ok
12:49:23.0094 2168 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:49:23.0094 2168 vwififlt - ok
12:49:23.0114 2168 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:49:23.0124 2168 W32Time - ok
12:49:23.0144 2168 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:49:23.0144 2168 WacomPen - ok
12:49:23.0164 2168 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:49:23.0164 2168 WANARP - ok
12:49:23.0174 2168 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:49:23.0174 2168 Wanarpv6 - ok
12:49:23.0204 2168 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
12:49:23.0224 2168 wbengine - ok
12:49:23.0244 2168 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:49:23.0244 2168 WbioSrvc - ok
12:49:23.0264 2168 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:49:23.0274 2168 wcncsvc - ok
12:49:23.0294 2168 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:49:23.0294 2168 WcsPlugInService - ok
12:49:23.0314 2168 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:49:23.0314 2168 Wd - ok
12:49:23.0334 2168 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:49:23.0344 2168 Wdf01000 - ok
12:49:23.0354 2168 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:49:23.0354 2168 WdiServiceHost - ok
12:49:23.0354 2168 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:49:23.0354 2168 WdiSystemHost - ok
12:49:23.0374 2168 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
12:49:23.0374 2168 WebClient - ok
12:49:23.0384 2168 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:49:23.0384 2168 Wecsvc - ok
12:49:23.0424 2168 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:49:23.0424 2168 wercplsupport - ok
12:49:23.0444 2168 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:49:23.0444 2168 WerSvc - ok
12:49:23.0464 2168 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:49:23.0464 2168 WfpLwf - ok
12:49:23.0474 2168 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:49:23.0474 2168 WIMMount - ok
12:49:23.0474 2168 WinHttpAutoProxySvc - ok
12:49:23.0534 2168 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:49:23.0534 2168 Winmgmt - ok
12:49:23.0664 2168 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
12:49:23.0684 2168 WinRM - ok
12:49:23.0724 2168 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:49:23.0724 2168 WinUsb - ok
12:49:23.0764 2168 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:49:23.0774 2168 Wlansvc - ok
12:49:23.0774 2168 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:49:23.0774 2168 WmiAcpi - ok
12:49:23.0794 2168 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:49:23.0804 2168 wmiApSrv - ok
12:49:23.0834 2168 WMPNetworkSvc - ok
12:49:23.0834 2168 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:49:23.0834 2168 WPCSvc - ok
12:49:23.0844 2168 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:49:23.0854 2168 WPDBusEnum - ok
12:49:23.0854 2168 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:49:23.0854 2168 ws2ifsl - ok
12:49:23.0864 2168 WSearch - ok
12:49:23.0934 2168 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:49:23.0954 2168 wuauserv - ok
12:49:23.0974 2168 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:49:23.0974 2168 WudfPf - ok
12:49:24.0014 2168 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:49:24.0014 2168 WUDFRd - ok
12:49:24.0044 2168 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:49:24.0044 2168 wudfsvc - ok
12:49:24.0074 2168 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:49:24.0074 2168 WwanSvc - ok
12:49:24.0094 2168 ================ Scan global ===============================
12:49:24.0124 2168 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:49:24.0144 2168 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:49:24.0154 2168 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:49:24.0164 2168 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:49:24.0194 2168 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:49:24.0204 2168 [Global] - ok
12:49:24.0204 2168 ================ Scan MBR ==================================
12:49:24.0214 2168 [ 0F84F2562620C40D8A3E1908C8075675 ] \Device\Harddisk0\DR0
12:49:24.0214 2168 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:49:24.0254 2168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:49:24.0254 2168 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:49:24.0254 2168 ================ Scan VBR ==================================
12:49:24.0264 2168 [ B500B05005FFF3872CC13A7D176C531B ] \Device\Harddisk0\DR0\Partition1
12:49:24.0264 2168 \Device\Harddisk0\DR0\Partition1 - ok
12:49:24.0274 2168 [ 359DFC2FEAD303787C79170B040CE9DD ] \Device\Harddisk0\DR0\Partition2
12:49:24.0274 2168 \Device\Harddisk0\DR0\Partition2 - ok
12:49:24.0274 2168 [ 1DCD00F7961C9059EFBD44E74902AD78 ] \Device\Harddisk0\DR0\Partition3
12:49:24.0274 2168 \Device\Harddisk0\DR0\Partition3 - ok
12:49:24.0274 2168 ============================================================
12:49:24.0274 2168 Scan finished
12:49:24.0274 2168 ============================================================
12:49:24.0284 2136 Detected object count: 1
12:49:24.0284 2136 Actual detected object count: 1
12:49:36.0534 2136 \Device\Harddisk0\DR0\# - copied to quarantine
12:49:36.0534 2136 \Device\Harddisk0\DR0 - copied to quarantine
12:49:36.0554 2136 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:49:36.0554 2136 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:49:36.0584 2136 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:49:36.0584 2136 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:49:36.0594 2136 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:49:36.0594 2136 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:49:36.0594 2136 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:49:36.0604 2136 \Device\Harddisk0\DR0 - ok
12:49:42.0234 2136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:49:49.0444 5708 Deinitialize success
 
12:53:43.0032 4004 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:53:43.0766 4004 ============================================================
12:53:43.0766 4004 Current date / time: 2012/09/27 12:53:43.0766
12:53:43.0766 4004 SystemInfo:
12:53:43.0766 4004
12:53:43.0766 4004 OS Version: 6.1.7600 ServicePack: 0.0
12:53:43.0766 4004 Product type: Workstation
12:53:43.0766 4004 ComputerName: LINDSAY-PC
12:53:43.0766 4004 UserName: Admin
12:53:43.0766 4004 Windows directory: C:\Windows
12:53:43.0766 4004 System windows directory: C:\Windows
12:53:43.0766 4004 Running under WOW64
12:53:43.0766 4004 Processor architecture: Intel x64
12:53:43.0766 4004 Number of processors: 4
12:53:43.0766 4004 Page size: 0x1000
12:53:43.0766 4004 Boot type: Normal boot
12:53:43.0766 4004 ============================================================
12:53:48.0196 4004 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:53:48.0196 4004 ============================================================
12:53:48.0196 4004 \Device\Harddisk0\DR0:
12:53:48.0196 4004 MBR partitions:
12:53:48.0196 4004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:53:48.0196 4004 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
12:53:48.0196 4004 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
12:53:48.0196 4004 ============================================================
12:53:48.0243 4004 C: <-> \Device\Harddisk0\DR0\Partition3
12:53:48.0305 4004 D: <-> \Device\Harddisk0\DR0\Partition2
12:53:48.0305 4004 ============================================================
12:53:48.0305 4004 Initialize success
12:53:48.0305 4004 ============================================================
 