Help computer infected! log files requested in sticky are pasted

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.04.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Admin :: LINDSAY-PC [administrator]

Protection: Enabled

10/4/2012 12:26:55 PM
mbam-log-2012-10-04 (12-26-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247249
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

12:26:32.0240 1424 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:26:34.0253 1424 ============================================================
12:26:34.0253 1424 Current date / time: 2012/10/04 12:26:34.0253
12:26:34.0253 1424 SystemInfo:
12:26:34.0253 1424
12:26:34.0253 1424 OS Version: 6.1.7600 ServicePack: 0.0
12:26:34.0253 1424 Product type: Workstation
12:26:34.0253 1424 ComputerName: LINDSAY-PC
12:26:37.0446 1424 UserName: Admin
12:26:37.0446 1424 Windows directory: C:\Windows
12:26:37.0446 1424 System windows directory: C:\Windows
12:26:37.0446 1424 Running under WOW64
12:26:37.0446 1424 Processor architecture: Intel x64
12:26:37.0446 1424 Number of processors: 4
12:26:37.0446 1424 Page size: 0x1000
12:26:37.0446 1424 Boot type: Normal boot
12:26:37.0446 1424 ============================================================
12:26:39.0115 1424 BG loaded
12:26:39.0848 1424 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:26:39.0848 1424 ============================================================
12:26:39.0848 1424 \Device\Harddisk0\DR0:
12:26:39.0864 1424 MBR partitions:
12:26:39.0864 1424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:26:39.0864 1424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
12:26:39.0864 1424 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
12:26:39.0864 1424 ============================================================
12:26:39.0910 1424 C: <-> \Device\Harddisk0\DR0\Partition3
12:26:40.0004 1424 D: <-> \Device\Harddisk0\DR0\Partition2
12:26:40.0004 1424 ============================================================
12:26:40.0004 1424 Initialize success
12:26:40.0004 1424 ============================================================
12:26:45.0667 1504 Deinitialize success

12:49:07.0154 4112 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:49:07.0574 4112 ============================================================
12:49:07.0574 4112 Current date / time: 2012/09/27 12:49:07.0574
12:49:07.0574 4112 SystemInfo:
12:49:07.0574 4112
12:49:07.0574 4112 OS Version: 6.1.7600 ServicePack: 0.0
12:49:07.0574 4112 Product type: Workstation
12:49:07.0574 4112 ComputerName: LINDSAY-PC
12:49:07.0574 4112 UserName: Admin
12:49:07.0574 4112 Windows directory: C:\Windows
12:49:07.0574 4112 System windows directory: C:\Windows
12:49:07.0574 4112 Running under WOW64
12:49:07.0574 4112 Processor architecture: Intel x64
12:49:07.0574 4112 Number of processors: 4
12:49:07.0574 4112 Page size: 0x1000
12:49:07.0574 4112 Boot type: Normal boot
12:49:07.0574 4112 ============================================================
12:49:08.0354 4112 BG loaded
12:49:08.0574 4112 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:49:08.0584 4112 ============================================================
12:49:08.0584 4112 \Device\Harddisk0\DR0:
12:49:08.0584 4112 MBR partitions:
12:49:08.0584 4112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:49:08.0584 4112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
12:49:08.0584 4112 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
12:49:08.0584 4112 ============================================================
12:49:08.0604 4112 C: <-> \Device\Harddisk0\DR0\Partition3
12:49:08.0644 4112 D: <-> \Device\Harddisk0\DR0\Partition2
12:49:08.0644 4112 ============================================================
12:49:08.0644 4112 Initialize success
12:49:08.0644 4112 ============================================================
12:49:10.0034 2168 ============================================================
12:49:10.0034 2168 Scan started
12:49:10.0034 2168 Mode: Manual;
12:49:10.0034 2168 ============================================================
12:49:11.0464 2168 ================ Scan system memory ========================
12:49:11.0464 2168 System memory - ok
12:49:11.0464 2168 ================ Scan services =============================
12:49:11.0554 2168 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:49:11.0604 2168 !SASCORE - ok
12:49:11.0844 2168 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
12:49:11.0844 2168 1394ohci - ok
12:49:11.0874 2168 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
12:49:11.0874 2168 ACPI - ok
12:49:11.0894 2168 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
12:49:11.0894 2168 AcpiPmi - ok
12:49:12.0014 2168 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:49:12.0014 2168 AdobeFlashPlayerUpdateSvc - ok
12:49:12.0044 2168 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:49:12.0044 2168 adp94xx - ok
12:49:12.0064 2168 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:49:12.0074 2168 adpahci - ok
12:49:12.0094 2168 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:49:12.0094 2168 adpu320 - ok
12:49:12.0124 2168 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:49:12.0124 2168 AeLookupSvc - ok
12:49:12.0164 2168 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
12:49:12.0174 2168 AFD - ok
12:49:12.0184 2168 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
12:49:12.0194 2168 agp440 - ok
12:49:12.0224 2168 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:49:12.0224 2168 ALG - ok
12:49:12.0234 2168 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
12:49:12.0244 2168 aliide - ok
12:49:12.0254 2168 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
12:49:12.0254 2168 amdide - ok
12:49:12.0274 2168 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:49:12.0274 2168 AmdK8 - ok
12:49:12.0294 2168 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:49:12.0294 2168 AmdPPM - ok
12:49:12.0304 2168 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
12:49:12.0304 2168 amdsata - ok
12:49:12.0324 2168 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:49:12.0324 2168 amdsbs - ok
12:49:12.0344 2168 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
12:49:12.0344 2168 amdxata - ok
12:49:12.0364 2168 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
12:49:12.0364 2168 AppID - ok
12:49:12.0394 2168 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:49:12.0394 2168 AppIDSvc - ok
12:49:12.0444 2168 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
12:49:12.0444 2168 Appinfo - ok
12:49:12.0544 2168 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:49:12.0544 2168 Apple Mobile Device - ok
12:49:12.0584 2168 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
12:49:12.0584 2168 AppMgmt - ok
12:49:12.0594 2168 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:49:12.0594 2168 arc - ok
12:49:12.0594 2168 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:49:12.0594 2168 arcsas - ok
12:49:12.0624 2168 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:49:12.0624 2168 AsyncMac - ok
12:49:12.0644 2168 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
12:49:12.0644 2168 atapi - ok
12:49:12.0734 2168 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:49:12.0784 2168 atikmdag - ok
12:49:12.0814 2168 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:49:12.0814 2168 AudioEndpointBuilder - ok
12:49:12.0824 2168 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:49:12.0834 2168 AudioSrv - ok
12:49:12.0864 2168 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:49:12.0864 2168 AxInstSV - ok
12:49:12.0904 2168 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:49:12.0914 2168 b06bdrv - ok
12:49:12.0934 2168 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:49:12.0934 2168 b57nd60a - ok
12:49:12.0954 2168 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:49:12.0964 2168 BDESVC - ok
12:49:12.0974 2168 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:49:12.0974 2168 Beep - ok
12:49:13.0014 2168 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
12:49:13.0024 2168 BITS - ok
12:49:13.0024 2168 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:49:13.0034 2168 blbdrive - ok
12:49:13.0084 2168 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
12:49:13.0084 2168 Bonjour Service - ok
12:49:13.0114 2168 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:49:13.0114 2168 bowser - ok
12:49:13.0134 2168 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:49:13.0134 2168 BrFiltLo - ok
12:49:13.0154 2168 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:49:13.0154 2168 BrFiltUp - ok
12:49:13.0184 2168 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
12:49:13.0184 2168 Browser - ok
12:49:13.0204 2168 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:49:13.0204 2168 Brserid - ok
12:49:13.0224 2168 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:49:13.0224 2168 BrSerWdm - ok
12:49:13.0234 2168 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:49:13.0234 2168 BrUsbMdm - ok
12:49:13.0244 2168 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:49:13.0244 2168 BrUsbSer - ok
12:49:13.0264 2168 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:49:13.0264 2168 BTHMODEM - ok
12:49:13.0284 2168 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:49:13.0284 2168 bthserv - ok
12:49:13.0304 2168 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:49:13.0304 2168 cdfs - ok
12:49:13.0324 2168 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:49:13.0324 2168 cdrom - ok
12:49:13.0354 2168 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
12:49:13.0354 2168 CertPropSvc - ok
12:49:13.0354 2168 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:49:13.0354 2168 circlass - ok
12:49:13.0394 2168 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:49:13.0394 2168 CLFS - ok
12:49:13.0464 2168 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:49:13.0464 2168 clr_optimization_v2.0.50727_32 - ok
12:49:13.0524 2168 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:49:13.0524 2168 clr_optimization_v2.0.50727_64 - ok
12:49:13.0534 2168 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:49:13.0534 2168 CmBatt - ok
12:49:13.0554 2168 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
12:49:13.0554 2168 cmdide - ok
12:49:13.0584 2168 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
12:49:13.0594 2168 CNG - ok
12:49:13.0604 2168 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:49:13.0604 2168 Compbatt - ok
12:49:13.0624 2168 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
12:49:13.0624 2168 CompositeBus - ok
12:49:13.0624 2168 COMSysApp - ok
12:49:13.0644 2168 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
12:49:13.0644 2168 cpuz134 - ok
12:49:13.0664 2168 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:49:13.0664 2168 crcdisk - ok
12:49:13.0684 2168 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:49:13.0684 2168 CryptSvc - ok
12:49:13.0714 2168 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
12:49:13.0724 2168 CSC - ok
12:49:13.0754 2168 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
12:49:13.0764 2168 CscService - ok
12:49:13.0794 2168 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:49:13.0794 2168 DcomLaunch - ok
12:49:13.0814 2168 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:49:13.0814 2168 defragsvc - ok
12:49:13.0834 2168 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:49:13.0834 2168 DfsC - ok
12:49:13.0854 2168 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
12:49:13.0864 2168 Dhcp - ok
12:49:13.0874 2168 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:49:13.0874 2168 discache - ok
12:49:13.0884 2168 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:49:13.0884 2168 Disk - ok
12:49:13.0904 2168 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:49:13.0904 2168 Dnscache - ok
12:49:13.0934 2168 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
12:49:13.0934 2168 dot3svc - ok
12:49:13.0944 2168 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
12:49:13.0954 2168 DPS - ok
12:49:13.0984 2168 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:49:13.0984 2168 drmkaud - ok
12:49:14.0014 2168 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:49:14.0024 2168 DXGKrnl - ok
12:49:14.0054 2168 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:49:14.0054 2168 EapHost - ok
12:49:14.0134 2168 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:49:14.0164 2168 ebdrv - ok
12:49:14.0184 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
12:49:14.0194 2168 EFS - ok
12:49:14.0234 2168 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:49:14.0244 2168 ehRecvr - ok
12:49:14.0254 2168 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:49:14.0254 2168 ehSched - ok
12:49:14.0284 2168 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:49:14.0284 2168 elxstor - ok
12:49:14.0384 2168 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
12:49:14.0384 2168 EPSON_EB_RPCV4_01 - ok
12:49:14.0424 2168 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
12:49:14.0424 2168 EPSON_PM_RPCV4_01 - ok
12:49:14.0444 2168 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
12:49:14.0464 2168 ErrDev - ok
12:49:14.0514 2168 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:49:14.0524 2168 EventSystem - ok
12:49:14.0554 2168 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:49:14.0554 2168 exfat - ok
12:49:14.0574 2168 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:49:14.0574 2168 fastfat - ok
12:49:14.0614 2168 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
12:49:14.0624 2168 Fax - ok
12:49:14.0654 2168 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:49:14.0654 2168 fdc - ok
12:49:14.0664 2168 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:49:14.0664 2168 fdPHost - ok
12:49:14.0674 2168 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:49:14.0674 2168 FDResPub - ok
12:49:14.0684 2168 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:49:14.0684 2168 FileInfo - ok
12:49:14.0704 2168 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:49:14.0704 2168 Filetrace - ok
12:49:14.0714 2168 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:49:14.0714 2168 flpydisk - ok
12:49:14.0734 2168 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:49:14.0734 2168 FltMgr - ok
12:49:14.0774 2168 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
12:49:14.0784 2168 FontCache - ok
12:49:14.0844 2168 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:49:14.0844 2168 FontCache3.0.0.0 - ok
12:49:14.0864 2168 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:49:14.0864 2168 FsDepends - ok
12:49:14.0894 2168 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:49:14.0894 2168 Fs_Rec - ok
12:49:14.0914 2168 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:49:14.0914 2168 fvevol - ok
12:49:14.0944 2168 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:49:14.0944 2168 gagp30kx - ok
12:49:14.0954 2168 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:49:14.0954 2168 GEARAspiWDM - ok
12:49:14.0984 2168 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
12:49:14.0994 2168 gpsvc - ok
12:49:15.0014 2168 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:49:15.0014 2168 hcw85cir - ok
12:49:15.0044 2168 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:49:15.0054 2168 HdAudAddService - ok
12:49:15.0074 2168 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:49:15.0084 2168 HDAudBus - ok
12:49:15.0104 2168 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:49:15.0104 2168 HidBatt - ok
12:49:15.0104 2168 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:49:15.0104 2168 HidBth - ok
12:49:15.0124 2168 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:49:15.0124 2168 HidIr - ok
12:49:15.0144 2168 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:49:15.0144 2168 hidserv - ok
12:49:15.0164 2168 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:49:15.0164 2168 HidUsb - ok
12:49:15.0184 2168 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:49:15.0184 2168 hkmsvc - ok
12:49:15.0204 2168 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:49:15.0204 2168 HomeGroupListener - ok
12:49:15.0244 2168 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:49:15.0244 2168 HomeGroupProvider - ok
12:49:15.0244 2168 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
12:49:15.0244 2168 HpSAMD - ok
12:49:15.0294 2168 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:49:15.0294 2168 HTTP - ok
12:49:15.0314 2168 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:49:15.0314 2168 hwpolicy - ok
12:49:15.0354 2168 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:49:15.0354 2168 i8042prt - ok
12:49:15.0374 2168 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
12:49:15.0374 2168 iaStorV - ok
12:49:15.0464 2168 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:49:15.0484 2168 IDriverT - ok
12:49:15.0544 2168 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:49:15.0554 2168 idsvc - ok
12:49:15.0574 2168 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:49:15.0574 2168 iirsp - ok
12:49:15.0614 2168 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
12:49:15.0614 2168 IKEEXT - ok
12:49:15.0634 2168 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
12:49:15.0634 2168 intelide - ok
12:49:15.0654 2168 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:49:15.0654 2168 intelppm - ok
12:49:15.0664 2168 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:49:15.0664 2168 IPBusEnum - ok
12:49:15.0684 2168 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:49:15.0684 2168 IpFilterDriver - ok
12:49:15.0704 2168 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:49:15.0704 2168 IPMIDRV - ok
12:49:15.0724 2168 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:49:15.0724 2168 IPNAT - ok
12:49:15.0844 2168 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:49:15.0854 2168 iPod Service - ok
12:49:15.0874 2168 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:49:15.0874 2168 IRENUM - ok
12:49:15.0884 2168 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
12:49:15.0884 2168 isapnp - ok
12:49:15.0904 2168 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:49:15.0914 2168 iScsiPrt - ok
12:49:15.0944 2168 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:49:15.0944 2168 kbdclass - ok
12:49:15.0964 2168 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:49:15.0964 2168 kbdhid - ok
12:49:15.0984 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
12:49:15.0984 2168 KeyIso - ok
12:49:15.0994 2168 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:49:15.0994 2168 KSecDD - ok
12:49:16.0014 2168 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:49:16.0024 2168 KSecPkg - ok
12:49:16.0044 2168 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:49:16.0044 2168 ksthunk - ok
12:49:16.0054 2168 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:49:16.0054 2168 KtmRm - ok
12:49:16.0074 2168 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
12:49:16.0074 2168 L1E - ok
12:49:16.0094 2168 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:49:16.0094 2168 LanmanServer - ok
12:49:16.0124 2168 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:49:16.0124 2168 LanmanWorkstation - ok
12:49:16.0144 2168 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:49:16.0144 2168 lltdio - ok
12:49:16.0164 2168 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:49:16.0164 2168 lltdsvc - ok
12:49:16.0204 2168 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:49:16.0204 2168 lmhosts - ok
12:49:16.0224 2168 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:49:16.0224 2168 LSI_FC - ok
12:49:16.0234 2168 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:49:16.0234 2168 LSI_SAS - ok
12:49:16.0244 2168 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:49:16.0244 2168 LSI_SAS2 - ok
12:49:16.0264 2168 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:49:16.0264 2168 LSI_SCSI - ok
12:49:16.0294 2168 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:49:16.0294 2168 luafv - ok
12:49:16.0334 2168 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:49:16.0334 2168 MBAMProtector - ok
12:49:16.0384 2168 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:49:16.0384 2168 MBAMScheduler - ok
12:49:16.0414 2168 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:49:16.0424 2168 MBAMService - ok
12:49:16.0454 2168 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:49:16.0454 2168 Mcx2Svc - ok
12:49:16.0464 2168 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:49:16.0464 2168 megasas - ok
12:49:16.0524 2168 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:49:16.0524 2168 MegaSR - ok
12:49:16.0584 2168 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:49:16.0594 2168 Microsoft Office Groove Audit Service - ok
12:49:16.0614 2168 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:49:16.0614 2168 MMCSS - ok
12:49:16.0654 2168 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:49:16.0654 2168 Modem - ok
12:49:16.0664 2168 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:49:16.0664 2168 monitor - ok
12:49:16.0684 2168 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:49:16.0684 2168 mouclass - ok
12:49:16.0684 2168 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:49:16.0684 2168 mouhid - ok
12:49:16.0714 2168 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:49:16.0714 2168 mountmgr - ok
12:49:16.0734 2168 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
12:49:16.0744 2168 mpio - ok
12:49:16.0764 2168 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:49:16.0764 2168 mpsdrv - ok
12:49:16.0794 2168 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys
12:49:16.0794 2168 MQAC - ok
12:49:16.0824 2168 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:49:16.0854 2168 MRxDAV - ok
12:49:16.0954 2168 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:49:16.0964 2168 mrxsmb - ok
12:49:16.0994 2168 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:49:16.0994 2168 mrxsmb10 - ok
12:49:17.0014 2168 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:49:17.0014 2168 mrxsmb20 - ok
12:49:17.0024 2168 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
12:49:17.0024 2168 msahci - ok
12:49:17.0034 2168 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
12:49:17.0034 2168 msdsm - ok
12:49:17.0044 2168 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:49:17.0044 2168 MSDTC - ok
12:49:17.0064 2168 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:49:17.0064 2168 Msfs - ok
12:49:17.0074 2168 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:49:17.0074 2168 mshidkmdf - ok
12:49:17.0084 2168 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
12:49:17.0084 2168 msisadrv - ok
12:49:17.0114 2168 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:49:17.0114 2168 MSiSCSI - ok
12:49:17.0114 2168 msiserver - ok
12:49:17.0144 2168 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:49:17.0144 2168 MSKSSRV - ok
12:49:17.0174 2168 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe
12:49:17.0174 2168 MSMQ - ok
12:49:17.0184 2168 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:49:17.0184 2168 MSPCLOCK - ok
12:49:17.0204 2168 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:49:17.0204 2168 MSPQM - ok
12:49:17.0224 2168 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:49:17.0234 2168 MsRPC - ok
12:49:17.0254 2168 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:49:17.0254 2168 mssmbios - ok
12:49:17.0384 2168 MSSQL$SOPHOS - ok
12:49:17.0484 2168 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:49:17.0484 2168 MSSQLServerADHelper100 - ok
12:49:17.0514 2168 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:49:17.0514 2168 MSTEE - ok
12:49:17.0534 2168 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:49:17.0534 2168 MTConfig - ok
12:49:17.0554 2168 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:49:17.0554 2168 Mup - ok
12:49:17.0584 2168 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
12:49:17.0594 2168 napagent - ok
12:49:17.0644 2168 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:49:17.0644 2168 NativeWifiP - ok
12:49:17.0674 2168 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:49:17.0684 2168 NDIS - ok
12:49:17.0704 2168 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:49:17.0704 2168 NdisCap - ok
12:49:17.0734 2168 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:49:17.0734 2168 NdisTapi - ok
12:49:17.0754 2168 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:49:17.0754 2168 Ndisuio - ok
12:49:17.0764 2168 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:49:17.0764 2168 NdisWan - ok
12:49:17.0774 2168 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:49:17.0784 2168 NDProxy - ok
12:49:17.0794 2168 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:49:17.0794 2168 NetBIOS - ok
12:49:17.0804 2168 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:49:17.0804 2168 NetBT - ok
12:49:17.0824 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
12:49:17.0824 2168 Netlogon - ok
12:49:17.0874 2168 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:49:17.0874 2168 Netman - ok
12:49:17.0894 2168 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:49:17.0904 2168 netprofm - ok
12:49:17.0924 2168 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:49:17.0924 2168 NetTcpPortSharing - ok
12:49:17.0944 2168 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:49:17.0944 2168 nfrd960 - ok
12:49:17.0964 2168 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:49:17.0964 2168 NlaSvc - ok
12:49:17.0974 2168 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:49:17.0974 2168 Npfs - ok
12:49:17.0994 2168 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:49:17.0994 2168 nsi - ok
12:49:18.0004 2168 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:49:18.0004 2168 nsiproxy - ok
12:49:18.0044 2168 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:49:18.0064 2168 Ntfs - ok
12:49:18.0074 2168 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:49:18.0074 2168 Null - ok
12:49:18.0094 2168 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
12:49:18.0094 2168 nvraid - ok
12:49:18.0114 2168 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
12:49:18.0114 2168 nvstor - ok
12:49:18.0124 2168 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
12:49:18.0124 2168 nv_agp - ok
12:49:18.0204 2168 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:49:18.0214 2168 odserv - ok
12:49:18.0224 2168 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:49:18.0224 2168 ohci1394 - ok
12:49:18.0264 2168 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:49:18.0264 2168 ose - ok
12:49:18.0284 2168 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:49:18.0294 2168 p2pimsvc - ok
12:49:18.0334 2168 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:49:18.0334 2168 p2psvc - ok
12:49:18.0344 2168 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:49:18.0344 2168 Parport - ok
12:49:18.0374 2168 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:49:18.0374 2168 partmgr - ok
12:49:18.0394 2168 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:49:18.0394 2168 PcaSvc - ok
12:49:18.0404 2168 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
12:49:18.0404 2168 pci - ok
12:49:18.0424 2168 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
12:49:18.0424 2168 pciide - ok
12:49:18.0434 2168 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:49:18.0434 2168 pcmcia - ok
12:49:18.0454 2168 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:49:18.0454 2168 pcw - ok
12:49:18.0474 2168 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:49:18.0474 2168 PEAUTH - ok
12:49:18.0544 2168 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:49:18.0554 2168 PeerDistSvc - ok
12:49:18.0624 2168 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:49:18.0624 2168 PerfHost - ok
12:49:18.0664 2168 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
12:49:18.0674 2168 pla - ok
12:49:18.0704 2168 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:49:18.0714 2168 PlugPlay - ok
12:49:18.0724 2168 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:49:18.0724 2168 PNRPAutoReg - ok
12:49:18.0734 2168 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

12:49:18.0734 2168 PNRPsvc - ok
12:49:18.0764 2168 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:49:18.0764 2168 PolicyAgent - ok
12:49:18.0844 2168 postgresql-8.4 - ok
12:49:18.0874 2168 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:49:18.0874 2168 Power - ok
12:49:18.0894 2168 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:49:18.0904 2168 PptpMiniport - ok
12:49:18.0914 2168 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:49:18.0914 2168 Processor - ok
12:49:18.0934 2168 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
12:49:18.0934 2168 ProfSvc - ok
12:49:18.0954 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:49:18.0954 2168 ProtectedStorage - ok
12:49:18.0974 2168 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:49:18.0984 2168 Psched - ok
12:49:19.0044 2168 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:49:19.0054 2168 ql2300 - ok
12:49:19.0074 2168 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:49:19.0084 2168 ql40xx - ok
12:49:19.0094 2168 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:49:19.0104 2168 QWAVE - ok
12:49:19.0134 2168 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:49:19.0134 2168 QWAVEdrv - ok
12:49:19.0144 2168 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:49:19.0144 2168 RasAcd - ok
12:49:19.0174 2168 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:49:19.0174 2168 RasAgileVpn - ok
12:49:19.0194 2168 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:49:19.0194 2168 RasAuto - ok
12:49:19.0214 2168 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:49:19.0214 2168 Rasl2tp - ok
12:49:19.0224 2168 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
12:49:19.0224 2168 RasMan - ok
12:49:19.0244 2168 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:49:19.0244 2168 RasPppoe - ok
12:49:19.0274 2168 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:49:19.0274 2168 RasSstp - ok
12:49:19.0294 2168 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:49:19.0294 2168 rdbss - ok
12:49:19.0304 2168 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:49:19.0304 2168 rdpbus - ok
12:49:19.0314 2168 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:49:19.0314 2168 RDPCDD - ok
12:49:19.0344 2168 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:49:19.0344 2168 RDPDR - ok
12:49:19.0374 2168 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:49:19.0374 2168 RDPENCDD - ok
12:49:19.0384 2168 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:49:19.0384 2168 RDPREFMP - ok
12:49:19.0414 2168 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:49:19.0414 2168 RDPWD - ok
12:49:19.0424 2168 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:49:19.0434 2168 rdyboost - ok
12:49:19.0484 2168 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
12:49:19.0484 2168 Realtek11nSU - ok
12:49:19.0554 2168 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:49:19.0554 2168 RemoteAccess - ok
12:49:19.0564 2168 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:49:19.0564 2168 RemoteRegistry - ok
12:49:19.0594 2168 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:49:19.0594 2168 RpcEptMapper - ok
12:49:19.0624 2168 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:49:19.0624 2168 RpcLocator - ok
12:49:19.0644 2168 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
12:49:19.0644 2168 RpcSs - ok
12:49:19.0694 2168 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
12:49:19.0704 2168 RsFx0103 - ok
12:49:19.0714 2168 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:49:19.0714 2168 rspndr - ok
12:49:19.0734 2168 [ F8D53FFD2D4D307A8ABC5278121A9B33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
12:49:19.0744 2168 RTL8192su - ok
12:49:19.0764 2168 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
12:49:19.0764 2168 s3cap - ok
12:49:19.0784 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
12:49:19.0784 2168 SamSs - ok
12:49:19.0864 2168 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:49:19.0864 2168 SASDIFSV - ok
12:49:19.0884 2168 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:49:19.0884 2168 SASKUTIL - ok
12:49:19.0894 2168 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
12:49:19.0894 2168 sbp2port - ok
12:49:19.0924 2168 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:49:19.0934 2168 SCardSvr - ok
12:49:19.0954 2168 [ 4B12E2E559641B0F26474BBC6D7CFAFF ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
12:49:19.0964 2168 SCDEmu - ok
12:49:19.0974 2168 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:49:19.0974 2168 scfilter - ok
12:49:20.0014 2168 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
12:49:20.0024 2168 Schedule - ok
12:49:20.0054 2168 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:49:20.0054 2168 SCPolicySvc - ok
12:49:20.0064 2168 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:49:20.0064 2168 SDRSVC - ok
12:49:20.0084 2168 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:49:20.0084 2168 secdrv - ok
12:49:20.0094 2168 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
12:49:20.0104 2168 seclogon - ok
12:49:20.0104 2168 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:49:20.0114 2168 SENS - ok
12:49:20.0114 2168 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:49:20.0114 2168 SensrSvc - ok
12:49:20.0124 2168 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:49:20.0124 2168 Serenum - ok
12:49:20.0134 2168 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:49:20.0134 2168 Serial - ok
12:49:20.0144 2168 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:49:20.0144 2168 sermouse - ok
12:49:20.0174 2168 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
12:49:20.0174 2168 SessionEnv - ok
12:49:20.0194 2168 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
12:49:20.0194 2168 sffdisk - ok
12:49:20.0204 2168 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:49:20.0204 2168 sffp_mmc - ok
12:49:20.0224 2168 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
12:49:20.0224 2168 sffp_sd - ok
12:49:20.0234 2168 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:49:20.0234 2168 sfloppy - ok
12:49:20.0264 2168 [ 41264E06A5CB8FF21D4D2FC59CFEE8EC ] SGNBusinessLogicService C:\Program Files (x86)\Sophos\Encryption\BLService.exe
12:49:20.0264 2168 SGNBusinessLogicService - ok
12:49:20.0274 2168 SGN_LogSystem - ok
12:49:20.0294 2168 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:49:20.0304 2168 SharedAccess - ok
12:49:20.0324 2168 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:49:20.0334 2168 ShellHWDetection - ok
12:49:20.0354 2168 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:49:20.0354 2168 SiSRaid2 - ok
12:49:20.0364 2168 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:49:20.0364 2168 SiSRaid4 - ok
12:49:20.0404 2168 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:49:20.0404 2168 Smb - ok
12:49:20.0434 2168 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:49:20.0434 2168 SNMPTRAP - ok
12:49:20.0594 2168 [ 1DD15CBAE4AA7B2F5166D0C2700AEF94 ] Sophos Agent C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
12:49:20.0594 2168 Sophos Agent - ok
12:49:20.0614 2168 [ F55A42C8A2FA52B2EFAB477C015AD24E ] Sophos Certification Manager C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
12:49:20.0614 2168 Sophos Certification Manager - ok
12:49:20.0734 2168 [ AB6E2BF3AD49DDB152A53201DFF42483 ] Sophos Management Service C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
12:49:20.0784 2168 Sophos Management Service - ok
12:49:20.0834 2168 [ 65F816D7534D25623DA909911FF7E7D8 ] Sophos Message Router C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
12:49:20.0844 2168 Sophos Message Router - ok
12:49:20.0884 2168 [ 1BE9D02F57AB179C2FB900E3B3938F41 ] SophosManagementHostService C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe
12:49:20.0884 2168 SophosManagementHostService - ok
12:49:20.0914 2168 [ D0BC85E0D204E42EE54867A8E6EFE7A6 ] SophosPatchEndpointCommunicator C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe
12:49:20.0914 2168 SophosPatchEndpointCommunicator - ok
12:49:20.0944 2168 [ AA87E68657D0AD06C5922A01D01B47FB ] SophosPatchOrchestratorService C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe
12:49:20.0944 2168 SophosPatchOrchestratorService - ok
12:49:20.0974 2168 [ C5816593AC80CA028EBD8A481E70B8DB ] SophosPatchServerCommunicator C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe
12:49:20.0974 2168 SophosPatchServerCommunicator - ok
12:49:20.0994 2168 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:49:20.0994 2168 spldr - ok
12:49:21.0014 2168 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
12:49:21.0024 2168 Spooler - ok
12:49:21.0094 2168 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
12:49:21.0124 2168 sppsvc - ok
12:49:21.0164 2168 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:49:21.0164 2168 sppuinotify - ok
12:49:21.0254 2168 [ A5609D0178B2FEC118A7F4A24ECD1BFB ] SQLAgent$SOPHOS c:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE
12:49:21.0254 2168 SQLAgent$SOPHOS - ok
12:49:21.0324 2168 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:49:21.0324 2168 SQLBrowser - ok
12:49:21.0364 2168 [ C298D989D717CB153702E397B6D9AAAD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:49:21.0374 2168 SQLWriter - ok
12:49:21.0404 2168 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:49:21.0404 2168 srv - ok
12:49:21.0444 2168 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:49:21.0444 2168 srv2 - ok
12:49:21.0484 2168 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:49:21.0484 2168 srvnet - ok
12:49:21.0504 2168 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:49:21.0514 2168 SSDPSRV - ok
12:49:21.0524 2168 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:49:21.0524 2168 SstpSvc - ok
12:49:21.0544 2168 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:49:21.0544 2168 stexstor - ok
12:49:21.0604 2168 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
12:49:21.0614 2168 stisvc - ok
12:49:21.0624 2168 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
12:49:21.0624 2168 storflt - ok
12:49:21.0644 2168 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
12:49:21.0644 2168 storvsc - ok
12:49:21.0654 2168 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:49:21.0654 2168 swenum - ok
12:49:21.0684 2168 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:49:21.0694 2168 swprv - ok
12:49:21.0734 2168 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
12:49:21.0744 2168 SysMain - ok
12:49:21.0764 2168 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:49:21.0764 2168 TabletInputService - ok
12:49:21.0784 2168 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
12:49:21.0784 2168 TapiSrv - ok
12:49:21.0804 2168 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:49:21.0804 2168 TBS - ok
12:49:21.0854 2168 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:49:21.0874 2168 Tcpip - ok
12:49:21.0904 2168 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:49:21.0914 2168 TCPIP6 - ok
12:49:21.0934 2168 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:49:21.0934 2168 tcpipreg - ok
12:49:21.0944 2168 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:49:21.0944 2168 TDPIPE - ok
12:49:21.0964 2168 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:49:21.0984 2168 TDTCP - ok
12:49:22.0024 2168 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:49:22.0054 2168 tdx - ok
12:49:22.0104 2168 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:49:22.0124 2168 TermDD - ok
12:49:22.0154 2168 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
12:49:22.0164 2168 TermService - ok
12:49:22.0174 2168 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:49:22.0174 2168 Themes - ok
12:49:22.0204 2168 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:49:22.0204 2168 THREADORDER - ok
12:49:22.0214 2168 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:49:22.0214 2168 TrkWks - ok
12:49:22.0264 2168 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:49:22.0274 2168 TrustedInstaller - ok
12:49:22.0274 2168 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:49:22.0274 2168 tssecsrv - ok
12:49:22.0314 2168 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:49:22.0314 2168 tunnel - ok
12:49:22.0324 2168 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:49:22.0334 2168 uagp35 - ok
12:49:22.0354 2168 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:49:22.0354 2168 udfs - ok
12:49:22.0374 2168 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:49:22.0374 2168 UI0Detect - ok
12:49:22.0394 2168 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
12:49:22.0394 2168 uliagpkx - ok
12:49:22.0424 2168 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:49:22.0424 2168 umbus - ok
12:49:22.0464 2168 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:49:22.0464 2168 UmPass - ok
12:49:22.0484 2168 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
12:49:22.0484 2168 UmRdpService - ok
12:49:22.0514 2168 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:49:22.0514 2168 upnphost - ok
12:49:22.0534 2168 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:49:22.0534 2168 USBAAPL64 - ok
12:49:22.0564 2168 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:49:22.0564 2168 usbaudio - ok
12:49:22.0584 2168 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:49:22.0604 2168 usbccgp - ok
12:49:22.0624 2168 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
12:49:22.0624 2168 usbcir - ok
12:49:22.0644 2168 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:49:22.0644 2168 usbehci - ok
12:49:22.0664 2168 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:49:22.0674 2168 usbhub - ok
12:49:22.0684 2168 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:49:22.0684 2168 usbohci - ok
12:49:22.0704 2168 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:49:22.0704 2168 usbprint - ok
12:49:22.0714 2168 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:49:22.0714 2168 usbscan - ok
12:49:22.0734 2168 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:49:22.0734 2168 USBSTOR - ok
12:49:22.0754 2168 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:49:22.0754 2168 usbuhci - ok
12:49:22.0774 2168 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:49:22.0774 2168 UxSms - ok
12:49:22.0794 2168 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
12:49:22.0794 2168 VaultSvc - ok
12:49:22.0814 2168 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
12:49:22.0814 2168 vdrvroot - ok
12:49:22.0844 2168 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
12:49:22.0844 2168 vds - ok
12:49:22.0854 2168 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:49:22.0854 2168 vga - ok
12:49:22.0874 2168 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:49:22.0874 2168 VgaSave - ok
12:49:22.0884 2168 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
12:49:22.0884 2168 vhdmp - ok
12:49:22.0894 2168 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
12:49:22.0894 2168 viaide - ok
12:49:22.0914 2168 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
12:49:22.0914 2168 vmbus - ok
12:49:22.0934 2168 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
12:49:22.0934 2168 VMBusHID - ok
12:49:22.0944 2168 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
12:49:22.0944 2168 volmgr - ok
12:49:22.0964 2168 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:49:22.0974 2168 volmgrx - ok
12:49:22.0994 2168 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
12:49:22.0994 2168 volsnap - ok
12:49:23.0004 2168 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:49:23.0004 2168 vsmraid - ok
12:49:23.0044 2168 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
12:49:23.0054 2168 VSS - ok
12:49:23.0074 2168 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:49:23.0074 2168 vwifibus - ok
12:49:23.0094 2168 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:49:23.0094 2168 vwififlt - ok
12:49:23.0114 2168 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:49:23.0124 2168 W32Time - ok
12:49:23.0144 2168 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:49:23.0144 2168 WacomPen - ok
12:49:23.0164 2168 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:49:23.0164 2168 WANARP - ok
12:49:23.0174 2168 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:49:23.0174 2168 Wanarpv6 - ok
12:49:23.0204 2168 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
12:49:23.0224 2168 wbengine - ok
12:49:23.0244 2168 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:49:23.0244 2168 WbioSrvc - ok
12:49:23.0264 2168 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:49:23.0274 2168 wcncsvc - ok
12:49:23.0294 2168 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:49:23.0294 2168 WcsPlugInService - ok
12:49:23.0314 2168 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:49:23.0314 2168 Wd - ok
12:49:23.0334 2168 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:49:23.0344 2168 Wdf01000 - ok
12:49:23.0354 2168 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:49:23.0354 2168 WdiServiceHost - ok
12:49:23.0354 2168 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:49:23.0354 2168 WdiSystemHost - ok
12:49:23.0374 2168 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
12:49:23.0374 2168 WebClient - ok
12:49:23.0384 2168 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:49:23.0384 2168 Wecsvc - ok
12:49:23.0424 2168 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:49:23.0424 2168 wercplsupport - ok
12:49:23.0444 2168 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:49:23.0444 2168 WerSvc - ok
12:49:23.0464 2168 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:49:23.0464 2168 WfpLwf - ok
12:49:23.0474 2168 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:49:23.0474 2168 WIMMount - ok
12:49:23.0474 2168 WinHttpAutoProxySvc - ok
12:49:23.0534 2168 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:49:23.0534 2168 Winmgmt - ok
12:49:23.0664 2168 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
12:49:23.0684 2168 WinRM - ok
12:49:23.0724 2168 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:49:23.0724 2168 WinUsb - ok
12:49:23.0764 2168 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:49:23.0774 2168 Wlansvc - ok
12:49:23.0774 2168 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:49:23.0774 2168 WmiAcpi - ok
12:49:23.0794 2168 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:49:23.0804 2168 wmiApSrv - ok
12:49:23.0834 2168 WMPNetworkSvc - ok
12:49:23.0834 2168 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:49:23.0834 2168 WPCSvc - ok
12:49:23.0844 2168 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:49:23.0854 2168 WPDBusEnum - ok
12:49:23.0854 2168 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:49:23.0854 2168 ws2ifsl - ok
12:49:23.0864 2168 WSearch - ok
12:49:23.0934 2168 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:49:23.0954 2168 wuauserv - ok
12:49:23.0974 2168 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:49:23.0974 2168 WudfPf - ok
12:49:24.0014 2168 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:49:24.0014 2168 WUDFRd - ok
12:49:24.0044 2168 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:49:24.0044 2168 wudfsvc - ok
12:49:24.0074 2168 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:49:24.0074 2168 WwanSvc - ok
12:49:24.0094 2168 ================ Scan global ===============================
12:49:24.0124 2168 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:49:24.0144 2168 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:49:24.0154 2168 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
12:49:24.0164 2168 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:49:24.0194 2168 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:49:24.0204 2168 [Global] - ok
12:49:24.0204 2168 ================ Scan MBR ==================================
12:49:24.0214 2168 [ 0F84F2562620C40D8A3E1908C8075675 ] \Device\Harddisk0\DR0
12:49:24.0214 2168 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:49:24.0254 2168 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:49:24.0254 2168 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:49:24.0254 2168 ================ Scan VBR ==================================
12:49:24.0264 2168 [ B500B05005FFF3872CC13A7D176C531B ] \Device\Harddisk0\DR0\Partition1
12:49:24.0264 2168 \Device\Harddisk0\DR0\Partition1 - ok
12:49:24.0274 2168 [ 359DFC2FEAD303787C79170B040CE9DD ] \Device\Harddisk0\DR0\Partition2
12:49:24.0274 2168 \Device\Harddisk0\DR0\Partition2 - ok
12:49:24.0274 2168 [ 1DCD00F7961C9059EFBD44E74902AD78 ] \Device\Harddisk0\DR0\Partition3
12:49:24.0274 2168 \Device\Harddisk0\DR0\Partition3 - ok
12:49:24.0274 2168 ============================================================
12:49:24.0274 2168 Scan finished
12:49:24.0274 2168 ============================================================
12:49:24.0284 2136 Detected object count: 1
12:49:24.0284 2136 Actual detected object count: 1
12:49:36.0534 2136 \Device\Harddisk0\DR0\# - copied to quarantine
12:49:36.0534 2136 \Device\Harddisk0\DR0 - copied to quarantine
12:49:36.0554 2136 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:49:36.0554 2136 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:49:36.0584 2136 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:49:36.0584 2136 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:49:36.0594 2136 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:49:36.0594 2136 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:49:36.0594 2136 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:49:36.0604 2136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:49:36.0604 2136 \Device\Harddisk0\DR0 - ok
12:49:42.0234 2136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:49:49.0444 5708 Deinitialize success

12:53:43.0032 4004 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:53:43.0766 4004 ============================================================
12:53:43.0766 4004 Current date / time: 2012/09/27 12:53:43.0766
12:53:43.0766 4004 SystemInfo:
12:53:43.0766 4004
12:53:43.0766 4004 OS Version: 6.1.7600 ServicePack: 0.0
12:53:43.0766 4004 Product type: Workstation
12:53:43.0766 4004 ComputerName: LINDSAY-PC
12:53:43.0766 4004 UserName: Admin
12:53:43.0766 4004 Windows directory: C:\Windows
12:53:43.0766 4004 System windows directory: C:\Windows
12:53:43.0766 4004 Running under WOW64
12:53:43.0766 4004 Processor architecture: Intel x64
12:53:43.0766 4004 Number of processors: 4
12:53:43.0766 4004 Page size: 0x1000
12:53:43.0766 4004 Boot type: Normal boot
12:53:43.0766 4004 ============================================================
12:53:48.0196 4004 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:53:48.0196 4004 ============================================================
12:53:48.0196 4004 \Device\Harddisk0\DR0:
12:53:48.0196 4004 MBR partitions:
12:53:48.0196 4004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:53:48.0196 4004 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
12:53:48.0196 4004 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
12:53:48.0196 4004 ============================================================
12:53:48.0243 4004 C: <-> \Device\Harddisk0\DR0\Partition3
12:53:48.0305 4004 D: <-> \Device\Harddisk0\DR0\Partition2
12:53:48.0305 4004 ============================================================
12:53:48.0305 4004 Initialize success
12:53:48.0305 4004 ============================================================

ComboFix 12-10-04.02 - Admin 10/04/2012 13:13:50.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2519 [GMT -7:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 05:44 . 2012-10-04 05:44 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\programdata\RosettaStoneLtdBackup
2012-10-03 06:32 . 2012-10-03 06:32 -------- d-----w- c:\programdata\FLEXnet
2012-10-03 06:26 . 2012-10-03 06:26 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-10-03 06:23 . 2012-10-04 05:34 -------- d-----w- c:\programdata\Rosetta Stone
2012-10-03 06:07 . 2012-10-03 07:12 -------- d-----w- c:\program files (x86)\Google
2012-10-03 06:07 . 2012-10-03 06:07 4096000 ----a-w- c:\program files (x86)\GUT17D6.tmp
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\users\Admin\AppData\Local\Google
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\program files (x86)\GUM17D5.tmp
2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
2012-09-27 05:31 . 2012-10-04 19:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-17 00:44 . 2012-10-04 20:03 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
2012-09-13 03:35 . 2012-09-13 03:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-13 03:35 . 2012-09-13 03:34 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-13 03:34 . 2012-09-13 03:34 -------- d-----w- c:\program files (x86)\Java
2012-09-13 03:33 . 2012-09-13 03:33 -------- d-----w- c:\programdata\McAfee
2012-09-13 03:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-13 03:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-13 03:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-13 03:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-13 03:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-13 03:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-13 03:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-13 03:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-13 03:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-13 03:26 . 2012-09-13 03:26 -------- d-----w- c:\programdata\!SASCORE
2012-09-13 03:22 . 2012-09-13 03:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-13 02:46 . 2012-09-13 02:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-09-06 03:32 . 2012-09-06 03:32 -------- d-----w- c:\users\Lindsay\AppData\Roaming\ZoomBrowser EX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 08:12 . 2012-04-14 02:26 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 08:12 . 2012-02-04 22:08 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24286133
*Deregistered* - 24286133
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:12]
.
2012-10-04 c:\windows\Tasks\Sophos Patch Feed.job
- c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
.
2012-10-04 c:\windows\Tasks\Sophos Patch Purge.job
- c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: jcatsdefender.com\caaoc
Trusted Zone: jcatsdefender.com\traincaaoc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6F2055D6-ADB1-4FDC-94C0-8138DA23D0F4&n=77ee1931&ind=2012092721&p2=^HJ^xdm003^S03103^us&si=CNu90_qf17ICFURxQgodmgQAmg&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-24286133.sys
SafeBoot-30756176.sys
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-04 13:23:35
ComboFix-quarantined-files.txt 2012-10-04 20:23
ComboFix2.txt 2012-10-03 05:49
.
Pre-Run: 485,054,640,128 bytes free
Post-Run: 485,179,998,208 bytes free
.
- - End Of File - - ACDB10A95B1C7F2B11084A546419161B

No longer getting notice from MBAM about any threats when browsing!!!

I need more time please don't lock thread. Thanks!

Thanks, I was out of town. So the computer is way faster but here's the weird thing. There is like ads running in the background that I can hear without any windows open.

ComboFix 12-10-08.03 - Admin 10/08/2012 21:29:44.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2461 [GMT -7:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files (x86)\GUM17D5.tmp"
"c:\program files (x86)\GUT17D6.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GUT17D6.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-03 06:07 . 2012-10-03 07:12 -------- d-----w- c:\program files (x86)\Google
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\users\Admin\AppData\Local\Google
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\program files (x86)\GUM17D5.tmp
2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
2012-09-27 05:31 . 2012-10-04 19:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-17 00:44 . 2012-10-09 03:57 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
2012-09-13 03:35 . 2012-09-13 03:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-13 03:35 . 2012-09-13 03:34 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-13 03:34 . 2012-09-13 03:34 -------- d-----w- c:\program files (x86)\Java
2012-09-13 03:33 . 2012-09-13 03:33 -------- d-----w- c:\programdata\McAfee
2012-09-13 03:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-13 03:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-13 03:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-13 03:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-13 03:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-13 03:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-13 03:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-13 03:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-13 03:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-13 03:26 . 2012-09-13 03:26 -------- d-----w- c:\programdata\!SASCORE
2012-09-13 03:22 . 2012-09-13 03:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-13 02:46 . 2012-09-13 02:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 04:12 . 2012-04-14 02:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 04:12 . 2012-02-04 22:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-04 129976]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 04:12]
.
2012-10-09 c:\windows\Tasks\Sophos Patch Feed.job
- c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
.
2012-10-05 c:\windows\Tasks\Sophos Patch Purge.job
- c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: jcatsdefender.com\caaoc
Trusted Zone: jcatsdefender.com\traincaaoc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-08 21:57:19
ComboFix-quarantined-files.txt 2012-10-09 04:57
ComboFix2.txt 2012-10-04 20:23
ComboFix3.txt 2012-10-03 05:49
.
Pre-Run: 484,820,955,136 bytes free
Post-Run: 484,435,464,192 bytes free
.
- - End Of File - - 51635A3F8845C0CC947779778684EA82

Not hearing ads on reboot. I think I might be clean!


ComboFix 12-10-08.03 - Admin 10/08/2012 21:29:44.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2461 [GMT -7:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files (x86)\GUM17D5.tmp"
"c:\program files (x86)\GUT17D6.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GUT17D6.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-03 06:07 . 2012-10-03 07:12 -------- d-----w- c:\program files (x86)\Google
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\users\Admin\AppData\Local\Google
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\program files (x86)\GUM17D5.tmp
2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
2012-09-27 05:31 . 2012-10-04 19:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-17 00:44 . 2012-10-09 03:57 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
2012-09-13 03:35 . 2012-09-13 03:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-13 03:35 . 2012-09-13 03:34 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-13 03:34 . 2012-09-13 03:34 -------- d-----w- c:\program files (x86)\Java
2012-09-13 03:33 . 2012-09-13 03:33 -------- d-----w- c:\programdata\McAfee
2012-09-13 03:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-13 03:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-13 03:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-13 03:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-13 03:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-13 03:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-13 03:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-13 03:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-13 03:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-13 03:26 . 2012-09-13 03:26 -------- d-----w- c:\programdata\!SASCORE
2012-09-13 03:22 . 2012-09-13 03:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-13 02:46 . 2012-09-13 02:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 04:12 . 2012-04-14 02:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 04:12 . 2012-02-04 22:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-04 129976]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 04:12]
.
2012-10-09 c:\windows\Tasks\Sophos Patch Feed.job
- c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
.
2012-10-05 c:\windows\Tasks\Sophos Patch Purge.job
- c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: jcatsdefender.com\caaoc
Trusted Zone: jcatsdefender.com\traincaaoc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-08 21:57:19
ComboFix-quarantined-files.txt 2012-10-09 04:57
ComboFix2.txt 2012-10-04 20:23
ComboFix3.txt 2012-10-03 05:49
.
Pre-Run: 484,820,955,136 bytes free
Post-Run: 484,435,464,192 bytes free
.
- - End Of File - - 51635A3F8845C0CC947779778684EA82

Oh no. Ad's are back! Mywebsearch is back. Message is back:

Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website: 89.114.9.95

Type: outgoing
Port: 51944 Process: svchost.exe

This thing won't die.

20:24:26.0368 4228 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:24:27.0071 4228 ============================================================
20:24:27.0071 4228 Current date / time: 2012/10/09 20:24:27.0071
20:24:27.0071 4228 SystemInfo:
20:24:27.0071 4228
20:24:27.0071 4228 OS Version: 6.1.7600 ServicePack: 0.0
20:24:27.0071 4228 Product type: Workstation
20:24:27.0071 4228 ComputerName: LINDSAY-PC
20:24:27.0072 4228 UserName: Admin
20:24:27.0072 4228 Windows directory: C:\Windows
20:24:27.0072 4228 System windows directory: C:\Windows
20:24:27.0072 4228 Running under WOW64
20:24:27.0072 4228 Processor architecture: Intel x64
20:24:27.0072 4228 Number of processors: 4
20:24:27.0072 4228 Page size: 0x1000
20:24:27.0072 4228 Boot type: Normal boot
20:24:27.0072 4228 ============================================================
20:24:28.0322 4228 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:24:28.0325 4228 ============================================================
20:24:28.0325 4228 \Device\Harddisk0\DR0:
20:24:28.0325 4228 MBR partitions:
20:24:28.0325 4228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:24:28.0325 4228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
20:24:28.0325 4228 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
20:24:28.0325 4228 ============================================================
20:24:28.0344 4228 C: <-> \Device\Harddisk0\DR0\Partition3
20:24:28.0382 4228 D: <-> \Device\Harddisk0\DR0\Partition2
20:24:28.0382 4228 ============================================================
20:24:28.0382 4228 Initialize success
20:24:28.0382 4228 ============================================================
20:24:31.0431 2116 ============================================================
20:24:31.0431 2116 Scan started
20:24:31.0431 2116 Mode: Manual;
20:24:31.0431 2116 ============================================================
20:24:34.0131 2116 ================ Scan system memory ========================
20:24:34.0131 2116 System memory - ok
20:24:34.0131 2116 ================ Scan services =============================
20:24:34.0381 2116 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:24:34.0381 2116 !SASCORE - ok
20:24:34.0521 2116 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:24:34.0561 2116 1394ohci - ok
20:24:34.0611 2116 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
20:24:34.0611 2116 ACPI - ok
20:24:34.0651 2116 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
20:24:34.0661 2116 AcpiPmi - ok
20:24:34.0841 2116 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:24:34.0851 2116 AdobeFlashPlayerUpdateSvc - ok
20:24:34.0881 2116 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:24:34.0901 2116 adp94xx - ok
20:24:34.0921 2116 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:24:34.0921 2116 adpahci - ok
20:24:34.0971 2116 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:24:34.0991 2116 adpu320 - ok
20:24:35.0061 2116 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:24:35.0071 2116 AeLookupSvc - ok
20:24:35.0221 2116 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
20:24:35.0241 2116 AFD - ok
20:24:35.0261 2116 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
20:24:35.0261 2116 agp440 - ok
20:24:35.0291 2116 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:24:35.0291 2116 ALG - ok
20:24:35.0311 2116 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
20:24:35.0311 2116 aliide - ok
20:24:35.0321 2116 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
20:24:35.0321 2116 amdide - ok
20:24:35.0341 2116 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:24:35.0341 2116 AmdK8 - ok
20:24:35.0361 2116 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:24:35.0361 2116 AmdPPM - ok
20:24:35.0381 2116 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
20:24:35.0381 2116 amdsata - ok
20:24:35.0411 2116 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:24:35.0411 2116 amdsbs - ok
20:24:35.0431 2116 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
20:24:35.0451 2116 amdxata - ok
20:24:35.0471 2116 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
20:24:35.0471 2116 AppID - ok
20:24:35.0491 2116 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:24:35.0491 2116 AppIDSvc - ok
20:24:35.0521 2116 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
20:24:35.0521 2116 Appinfo - ok
20:24:35.0621 2116 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:24:35.0621 2116 Apple Mobile Device - ok
20:24:35.0661 2116 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:24:35.0661 2116 AppMgmt - ok
20:24:35.0681 2116 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:24:35.0681 2116 arc - ok
20:24:35.0701 2116 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:24:35.0701 2116 arcsas - ok
20:24:35.0721 2116 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:24:35.0721 2116 AsyncMac - ok
20:24:35.0731 2116 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
20:24:35.0731 2116 atapi - ok
20:24:35.0921 2116 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:24:35.0971 2116 atikmdag - ok
20:24:36.0111 2116 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:24:36.0121 2116 AudioEndpointBuilder - ok
20:24:36.0131 2116 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:24:36.0131 2116 AudioSrv - ok
20:24:36.0151 2116 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:24:36.0161 2116 AxInstSV - ok
20:24:36.0181 2116 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:24:36.0181 2116 b06bdrv - ok
20:24:36.0201 2116 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:24:36.0201 2116 b57nd60a - ok
20:24:36.0221 2116 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:24:36.0231 2116 BDESVC - ok
20:24:36.0241 2116 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:24:36.0241 2116 Beep - ok
20:24:36.0271 2116 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
20:24:36.0281 2116 BFE - ok
20:24:36.0401 2116 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
20:24:36.0421 2116 BITS - ok
20:24:36.0441 2116 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:24:36.0441 2116 blbdrive - ok
20:24:36.0501 2116 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
20:24:36.0501 2116 Bonjour Service - ok
20:24:36.0531 2116 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:24:36.0531 2116 bowser - ok
20:24:36.0541 2116 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:24:36.0541 2116 BrFiltLo - ok
20:24:36.0551 2116 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:24:36.0551 2116 BrFiltUp - ok
20:24:36.0561 2116 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:24:36.0561 2116 BridgeMP - ok
20:24:36.0581 2116 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
20:24:36.0581 2116 Browser - ok
20:24:36.0601 2116 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:24:36.0601 2116 Brserid - ok
20:24:36.0631 2116 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:24:36.0631 2116 BrSerWdm - ok
20:24:36.0651 2116 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:24:36.0651 2116 BrUsbMdm - ok
20:24:36.0651 2116 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:24:36.0651 2116 BrUsbSer - ok
20:24:36.0671 2116 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:24:36.0671 2116 BTHMODEM - ok
20:24:36.0691 2116 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:24:36.0691 2116 bthserv - ok
20:24:36.0701 2116 catchme - ok
20:24:36.0711 2116 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:24:36.0711 2116 cdfs - ok
20:24:36.0731 2116 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:24:36.0731 2116 cdrom - ok
20:24:36.0761 2116 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
20:24:36.0761 2116 CertPropSvc - ok
20:24:36.0781 2116 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:24:36.0781 2116 circlass - ok
20:24:36.0801 2116 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:24:36.0811 2116 CLFS - ok
20:24:36.0861 2116 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:24:36.0871 2116 clr_optimization_v2.0.50727_32 - ok
20:24:36.0921 2116 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:24:36.0921 2116 clr_optimization_v2.0.50727_64 - ok
20:24:36.0931 2116 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:24:36.0931 2116 CmBatt - ok
20:24:36.0941 2116 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
20:24:36.0941 2116 cmdide - ok
20:24:36.0971 2116 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
20:24:36.0991 2116 CNG - ok
20:24:37.0011 2116 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:24:37.0031 2116 Compbatt - ok
20:24:37.0061 2116 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:24:37.0061 2116 CompositeBus - ok
20:24:37.0071 2116 COMSysApp - ok
20:24:37.0091 2116 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
20:24:37.0091 2116 cpuz134 - ok
20:24:37.0101 2116 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:24:37.0101 2116 crcdisk - ok
20:24:37.0151 2116 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:24:37.0151 2116 CryptSvc - ok
20:24:37.0181 2116 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
20:24:37.0181 2116 CSC - ok
20:24:37.0211 2116 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
20:24:37.0221 2116 CscService - ok
20:24:37.0261 2116 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:24:37.0261 2116 DcomLaunch - ok
20:24:37.0311 2116 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:24:37.0311 2116 defragsvc - ok
20:24:37.0331 2116 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:24:37.0331 2116 DfsC - ok
20:24:37.0371 2116 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
20:24:37.0371 2116 Dhcp - ok
20:24:37.0381 2116 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:24:37.0381 2116 discache - ok
20:24:37.0411 2116 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:24:37.0421 2116 Disk - ok
20:24:37.0431 2116 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:24:37.0431 2116 Dnscache - ok
20:24:37.0451 2116 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
20:24:37.0461 2116 dot3svc - ok
20:24:37.0471 2116 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
20:24:37.0471 2116 DPS - ok
20:24:37.0501 2116 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:24:37.0501 2116 drmkaud - ok
20:24:37.0541 2116 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:24:37.0551 2116 DXGKrnl - ok
20:24:37.0571 2116 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:24:37.0571 2116 EapHost - ok
20:24:37.0651 2116 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:24:37.0681 2116 ebdrv - ok
20:24:37.0741 2116 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
20:24:37.0751 2116 EFS - ok
20:24:37.0801 2116 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:24:37.0811 2116 ehRecvr - ok
20:24:37.0821 2116 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:24:37.0821 2116 ehSched - ok
20:24:37.0861 2116 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:24:37.0871 2116 elxstor - ok
20:24:38.0031 2116 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
20:24:38.0061 2116 EPSON_EB_RPCV4_01 - ok
20:24:38.0091 2116 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
20:24:38.0091 2116 EPSON_PM_RPCV4_01 - ok
20:24:38.0101 2116 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
20:24:38.0101 2116 ErrDev - ok
20:24:38.0121 2116 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:24:38.0131 2116 EventSystem - ok
20:24:38.0151 2116 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:24:38.0161 2116 exfat - ok
20:24:38.0171 2116 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:24:38.0171 2116 fastfat - ok
20:24:38.0211 2116 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
20:24:38.0221 2116 Fax - ok
20:24:38.0231 2116 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:24:38.0231 2116 fdc - ok
20:24:38.0231 2116 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:24:38.0231 2116 fdPHost - ok
20:24:38.0241 2116 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:24:38.0241 2116 FDResPub - ok
20:24:38.0251 2116 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:24:38.0251 2116 FileInfo - ok
20:24:38.0261 2116 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:24:38.0261 2116 Filetrace - ok
20:24:38.0321 2116 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:24:38.0331 2116 FLEXnet Licensing Service - ok
20:24:38.0341 2116 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:24:38.0341 2116 flpydisk - ok
20:24:38.0351 2116 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:24:38.0351 2116 FltMgr - ok
20:24:38.0381 2116 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
20:24:38.0391 2116 FontCache - ok
20:24:38.0431 2116 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:24:38.0441 2116 FontCache3.0.0.0 - ok
20:24:38.0461 2116 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:24:38.0471 2116 FsDepends - ok
20:24:38.0481 2116 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:24:38.0481 2116 Fs_Rec - ok
20:24:38.0501 2116 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:24:38.0501 2116 fvevol - ok
20:24:38.0521 2116 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:24:38.0521 2116 gagp30kx - ok
20:24:38.0531 2116 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:24:38.0531 2116 GEARAspiWDM - ok
20:24:38.0571 2116 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
20:24:38.0581 2116 gpsvc - ok
20:24:38.0591 2116 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:24:38.0591 2116 hcw85cir - ok
20:24:38.0621 2116 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:24:38.0631 2116 HdAudAddService - ok
20:24:38.0641 2116 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:24:38.0641 2116 HDAudBus - ok
20:24:38.0651 2116 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:24:38.0651 2116 HidBatt - ok
20:24:38.0661 2116 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:24:38.0661 2116 HidBth - ok
20:24:38.0681 2116 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:24:38.0681 2116 HidIr - ok
20:24:38.0691 2116 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:24:38.0691 2116 hidserv - ok
20:24:38.0711 2116 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:24:38.0711 2116 HidUsb - ok
20:24:38.0731 2116 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:24:38.0741 2116 hkmsvc - ok
20:24:38.0751 2116 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:24:38.0761 2116 HomeGroupListener - ok
20:24:38.0791 2116 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:24:38.0791 2116 HomeGroupProvider - ok
20:24:38.0811 2116 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
20:24:38.0811 2116 HpSAMD - ok
20:24:38.0841 2116 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:24:38.0851 2116 HTTP - ok
20:24:38.0871 2116 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:24:38.0871 2116 hwpolicy - ok
20:24:38.0901 2116 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:24:38.0911 2116 i8042prt - ok
20:24:38.0931 2116 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
20:24:38.0931 2116 iaStorV - ok
20:24:39.0021 2116 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:24:39.0031 2116 IDriverT - ok
20:24:39.0171 2116 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:24:39.0191 2116 idsvc - ok
20:24:39.0201 2116 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:24:39.0201 2116 iirsp - ok
20:24:39.0241 2116 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
20:24:39.0251 2116 IKEEXT - ok
20:24:39.0271 2116 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
20:24:39.0271 2116 intelide - ok
20:24:39.0281 2116 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:24:39.0281 2116 intelppm - ok
20:24:39.0291 2116 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:24:39.0291 2116 IPBusEnum - ok
20:24:39.0301 2116 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:24:39.0301 2116 IpFilterDriver - ok
20:24:39.0331 2116 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:24:39.0351 2116 iphlpsvc - ok
20:24:39.0361 2116 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:24:39.0391 2116 IPMIDRV - ok
20:24:39.0411 2116 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:24:39.0411 2116 IPNAT - ok
20:24:39.0481 2116 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:24:39.0491 2116 iPod Service - ok
20:24:39.0501 2116 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:24:39.0501 2116 IRENUM - ok
20:24:39.0511 2116 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
20:24:39.0511 2116 isapnp - ok
20:24:39.0531 2116 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:24:39.0531 2116 iScsiPrt - ok
20:24:39.0551 2116 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:24:39.0551 2116 kbdclass - ok
20:24:39.0571 2116 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:24:39.0571 2116 kbdhid - ok
20:24:39.0581 2116 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
20:24:39.0581 2116 KeyIso - ok
20:24:39.0591 2116 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:24:39.0591 2116 KSecDD - ok
20:24:39.0611 2116 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:24:39.0611 2116 KSecPkg - ok
20:24:39.0631 2116 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:24:39.0631 2116 ksthunk - ok
20:24:39.0651 2116 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:24:39.0651 2116 KtmRm - ok
20:24:39.0671 2116 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
20:24:39.0671 2116 L1E - ok
20:24:39.0711 2116 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:24:39.0711 2116 LanmanServer - ok
20:24:39.0741 2116 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:24:39.0741 2116 LanmanWorkstation - ok
20:24:39.0771 2116 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:24:39.0771 2116 lltdio - ok
20:24:39.0791 2116 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:24:39.0791 2116 lltdsvc - ok
20:24:39.0811 2116 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:24:39.0811 2116 lmhosts - ok
20:24:39.0841 2116 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:24:39.0841 2116 LSI_FC - ok
20:24:39.0851 2116 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:24:39.0861 2116 LSI_SAS - ok
20:24:39.0861 2116 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:24:39.0861 2116 LSI_SAS2 - ok
20:24:39.0871 2116 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:24:39.0871 2116 LSI_SCSI - ok
20:24:39.0891 2116 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:24:39.0891 2116 luafv - ok
20:24:39.0921 2116 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:24:39.0921 2116 MBAMProtector - ok
20:24:39.0971 2116 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:24:39.0971 2116 MBAMScheduler - ok
20:24:40.0001 2116 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:24:40.0011 2116 MBAMService - ok
20:24:40.0031 2116 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:24:40.0031 2116 Mcx2Svc - ok
20:24:40.0041 2116 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:24:40.0041 2116 megasas - ok
20:24:40.0061 2116 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:24:40.0061 2116 MegaSR - ok
20:24:40.0301 2116 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:24:40.0311 2116 Microsoft Office Groove Audit Service - ok
20:24:40.0351 2116 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:24:40.0351 2116 MMCSS - ok
20:24:40.0381 2116 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:24:40.0381 2116 Modem - ok
20:24:40.0411 2116 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:24:40.0411 2116 monitor - ok
20:24:40.0431 2116 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:24:40.0431 2116 mouclass - ok
20:24:40.0441 2116 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:24:40.0451 2116 mouhid - ok
20:24:40.0461 2116 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:24:40.0461 2116 mountmgr - ok
20:24:40.0491 2116 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:24:40.0491 2116 MozillaMaintenance - ok
20:24:40.0511 2116 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
20:24:40.0511 2116 mpio - ok
20:24:40.0531 2116 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:24:40.0541 2116 mpsdrv - ok
20:24:40.0561 2116 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:24:40.0571 2116 MpsSvc - ok
20:24:40.0591 2116 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys
20:24:40.0591 2116 MQAC - ok
20:24:40.0631 2116 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:24:40.0631 2116 MRxDAV - ok
20:24:40.0651 2116 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:24:40.0651 2116 mrxsmb - ok
20:24:40.0681 2116 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:24:40.0691 2116 mrxsmb10 - ok
20:24:40.0711 2116 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:24:40.0711 2116 mrxsmb20 - ok
20:24:40.0731 2116 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
20:24:40.0731 2116 msahci - ok
20:24:40.0741 2116 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

20:24:40.0751 2116 msdsm - ok
20:24:40.0761 2116 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:24:40.0761 2116 MSDTC - ok
20:24:40.0801 2116 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:24:40.0811 2116 Msfs - ok
20:24:40.0831 2116 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:24:40.0831 2116 mshidkmdf - ok
20:24:40.0841 2116 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
20:24:40.0841 2116 msisadrv - ok
20:24:40.0861 2116 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:24:40.0861 2116 MSiSCSI - ok
20:24:40.0861 2116 msiserver - ok
20:24:40.0891 2116 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:24:40.0891 2116 MSKSSRV - ok
20:24:40.0921 2116 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe
20:24:40.0921 2116 MSMQ - ok
20:24:40.0931 2116 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:24:40.0931 2116 MSPCLOCK - ok
20:24:40.0931 2116 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:24:40.0931 2116 MSPQM - ok
20:24:40.0961 2116 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:24:40.0961 2116 MsRPC - ok
20:24:40.0981 2116 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:24:40.0981 2116 mssmbios - ok
20:24:41.0041 2116 MSSQL$SOPHOS - ok
20:24:41.0141 2116 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:24:41.0161 2116 MSSQLServerADHelper100 - ok
20:24:41.0161 2116 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:24:41.0171 2116 MSTEE - ok
20:24:41.0181 2116 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:24:41.0181 2116 MTConfig - ok
20:24:41.0201 2116 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:24:41.0211 2116 Mup - ok
20:24:41.0271 2116 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
20:24:41.0281 2116 napagent - ok
20:24:41.0321 2116 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:24:41.0321 2116 NativeWifiP - ok
20:24:41.0361 2116 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:24:41.0371 2116 NDIS - ok
20:24:41.0381 2116 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:24:41.0381 2116 NdisCap - ok
20:24:41.0411 2116 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:24:41.0411 2116 NdisTapi - ok
20:24:41.0431 2116 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:24:41.0431 2116 Ndisuio - ok
20:24:41.0451 2116 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:24:41.0451 2116 NdisWan - ok
20:24:41.0461 2116 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:24:41.0471 2116 NDProxy - ok
20:24:41.0481 2116 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:24:41.0481 2116 NetBIOS - ok
20:24:41.0491 2116 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:24:41.0491 2116 NetBT - ok
20:24:41.0501 2116 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
20:24:41.0501 2116 Netlogon - ok
20:24:41.0571 2116 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:24:41.0581 2116 Netman - ok
20:24:41.0591 2116 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:24:41.0601 2116 netprofm - ok
20:24:41.0611 2116 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:24:41.0611 2116 NetTcpPortSharing - ok
20:24:41.0621 2116 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:24:41.0621 2116 nfrd960 - ok
20:24:41.0631 2116 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:24:41.0641 2116 NlaSvc - ok
20:24:41.0651 2116 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:24:41.0651 2116 Npfs - ok
20:24:41.0671 2116 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:24:41.0671 2116 nsi - ok
20:24:41.0681 2116 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:24:41.0681 2116 nsiproxy - ok
20:24:41.0721 2116 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:24:41.0741 2116 Ntfs - ok
20:24:41.0751 2116 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:24:41.0751 2116 Null - ok
20:24:41.0791 2116 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
20:24:41.0791 2116 nvraid - ok
20:24:41.0811 2116 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
20:24:41.0811 2116 nvstor - ok
20:24:41.0821 2116 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
20:24:41.0821 2116 nv_agp - ok
20:24:41.0901 2116 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:24:41.0911 2116 odserv - ok
20:24:41.0921 2116 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:24:41.0931 2116 ohci1394 - ok
20:24:41.0951 2116 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:24:41.0951 2116 ose - ok
20:24:41.0981 2116 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:24:41.0981 2116 p2pimsvc - ok
20:24:42.0001 2116 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:24:42.0001 2116 p2psvc - ok
20:24:42.0011 2116 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:24:42.0011 2116 Parport - ok
20:24:42.0041 2116 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:24:42.0041 2116 partmgr - ok
20:24:42.0051 2116 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:24:42.0061 2116 PcaSvc - ok
20:24:42.0071 2116 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
20:24:42.0071 2116 pci - ok
20:24:42.0081 2116 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:24:42.0091 2116 pciide - ok
20:24:42.0131 2116 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:24:42.0131 2116 pcmcia - ok
20:24:42.0151 2116 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:24:42.0151 2116 pcw - ok
20:24:42.0171 2116 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:24:42.0171 2116 PEAUTH - ok
20:24:42.0211 2116 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:24:42.0231 2116 PeerDistSvc - ok
20:24:42.0291 2116 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:24:42.0301 2116 PerfHost - ok
20:24:42.0341 2116 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
20:24:42.0361 2116 pla - ok
20:24:42.0421 2116 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:24:42.0421 2116 PlugPlay - ok
20:24:42.0441 2116 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:24:42.0441 2116 PNRPAutoReg - ok
20:24:42.0451 2116 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:24:42.0451 2116 PNRPsvc - ok
20:24:42.0511 2116 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:24:42.0521 2116 PolicyAgent - ok
20:24:42.0641 2116 postgresql-8.4 - ok
20:24:42.0661 2116 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:24:42.0661 2116 Power - ok
20:24:42.0681 2116 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:24:42.0691 2116 PptpMiniport - ok
20:24:42.0701 2116 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:24:42.0701 2116 Processor - ok
20:24:42.0711 2116 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
20:24:42.0711 2116 ProfSvc - ok
20:24:42.0731 2116 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:24:42.0731 2116 ProtectedStorage - ok
20:24:42.0751 2116 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:24:42.0751 2116 Psched - ok
20:24:42.0801 2116 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:24:42.0821 2116 ql2300 - ok
20:24:42.0831 2116 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:24:42.0841 2116 ql40xx - ok
20:24:42.0841 2116 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:24:42.0851 2116 QWAVE - ok
20:24:42.0861 2116 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:24:42.0861 2116 QWAVEdrv - ok
20:24:42.0881 2116 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:24:42.0881 2116 RasAcd - ok
20:24:42.0901 2116 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:24:42.0901 2116 RasAgileVpn - ok
20:24:42.0911 2116 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:24:42.0921 2116 RasAuto - ok
20:24:42.0941 2116 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:42.0941 2116 Rasl2tp - ok
20:24:42.0951 2116 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
20:24:42.0961 2116 RasMan - ok
20:24:42.0971 2116 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:42.0971 2116 RasPppoe - ok
20:24:43.0011 2116 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:24:43.0021 2116 RasSstp - ok
20:24:43.0031 2116 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:24:43.0041 2116 rdbss - ok
20:24:43.0051 2116 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:43.0051 2116 rdpbus - ok
20:24:43.0061 2116 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:43.0061 2116 RDPCDD - ok
20:24:43.0081 2116 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:24:43.0081 2116 RDPDR - ok
20:24:43.0101 2116 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:24:43.0101 2116 RDPENCDD - ok
20:24:43.0111 2116 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:24:43.0111 2116 RDPREFMP - ok
20:24:43.0171 2116 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:24:43.0181 2116 RDPWD - ok
20:24:43.0211 2116 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:24:43.0221 2116 rdyboost - ok
20:24:43.0271 2116 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
20:24:43.0271 2116 Realtek11nSU - ok
20:24:43.0301 2116 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:24:43.0301 2116 RemoteAccess - ok
20:24:43.0321 2116 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:24:43.0321 2116 RemoteRegistry - ok
20:24:43.0341 2116 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:24:43.0341 2116 RpcEptMapper - ok
20:24:43.0371 2116 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:24:43.0371 2116 RpcLocator - ok
20:24:43.0391 2116 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
20:24:43.0401 2116 RpcSs - ok
20:24:43.0431 2116 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
20:24:43.0441 2116 RsFx0103 - ok
20:24:43.0451 2116 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:24:43.0451 2116 rspndr - ok
20:24:43.0491 2116 [ F8D53FFD2D4D307A8ABC5278121A9B33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
20:24:43.0501 2116 RTL8192su - ok
20:24:43.0531 2116 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
20:24:43.0531 2116 s3cap - ok
20:24:43.0541 2116 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
20:24:43.0541 2116 SamSs - ok
20:24:43.0591 2116 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:24:43.0591 2116 SASDIFSV - ok
20:24:43.0631 2116 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:24:43.0631 2116 SASKUTIL - ok
20:24:43.0641 2116 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
20:24:43.0641 2116 sbp2port - ok
20:24:43.0671 2116 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:24:43.0671 2116 SCardSvr - ok
20:24:43.0701 2116 [ 4B12E2E559641B0F26474BBC6D7CFAFF ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
20:24:43.0701 2116 SCDEmu - ok
20:24:43.0711 2116 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:24:43.0711 2116 scfilter - ok
20:24:43.0751 2116 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
20:24:43.0771 2116 Schedule - ok
20:24:43.0801 2116 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:24:43.0811 2116 SCPolicySvc - ok
20:24:43.0821 2116 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:24:43.0821 2116 SDRSVC - ok
20:24:43.0831 2116 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:24:43.0831 2116 secdrv - ok
20:24:43.0851 2116 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
20:24:43.0851 2116 seclogon - ok
20:24:43.0861 2116 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:24:43.0861 2116 SENS - ok
20:24:43.0871 2116 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:24:43.0871 2116 SensrSvc - ok
20:24:43.0891 2116 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:24:43.0891 2116 Serenum - ok
20:24:43.0891 2116 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:24:43.0901 2116 Serial - ok
20:24:43.0911 2116 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:24:43.0911 2116 sermouse - ok
20:24:43.0951 2116 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
20:24:43.0951 2116 SessionEnv - ok
20:24:43.0971 2116 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
20:24:43.0971 2116 sffdisk - ok
20:24:43.0981 2116 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:24:43.0981 2116 sffp_mmc - ok
20:24:43.0991 2116 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
20:24:43.0991 2116 sffp_sd - ok
20:24:44.0001 2116 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:44.0001 2116 sfloppy - ok
20:24:44.0061 2116 [ 41264E06A5CB8FF21D4D2FC59CFEE8EC ] SGNBusinessLogicService C:\Program Files (x86)\Sophos\Encryption\BLService.exe
20:24:44.0061 2116 SGNBusinessLogicService - ok
20:24:44.0071 2116 SGN_LogSystem - ok
20:24:44.0111 2116 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:24:44.0111 2116 SharedAccess - ok
20:24:44.0161 2116 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:24:44.0171 2116 ShellHWDetection - ok
20:24:44.0181 2116 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:44.0191 2116 SiSRaid2 - ok
20:24:44.0201 2116 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:44.0201 2116 SiSRaid4 - ok
20:24:44.0221 2116 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:24:44.0231 2116 Smb - ok
20:24:44.0241 2116 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:24:44.0241 2116 SNMPTRAP - ok
20:24:44.0291 2116 [ 1DD15CBAE4AA7B2F5166D0C2700AEF94 ] Sophos Agent C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
20:24:44.0301 2116 Sophos Agent - ok
20:24:44.0311 2116 [ F55A42C8A2FA52B2EFAB477C015AD24E ] Sophos Certification Manager C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
20:24:44.0321 2116 Sophos Certification Manager - ok
20:24:44.0441 2116 [ AB6E2BF3AD49DDB152A53201DFF42483 ] Sophos Management Service C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
20:24:44.0521 2116 Sophos Management Service - ok
20:24:44.0621 2116 [ 65F816D7534D25623DA909911FF7E7D8 ] Sophos Message Router C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
20:24:44.0631 2116 Sophos Message Router - ok
20:24:44.0741 2116 [ 1BE9D02F57AB179C2FB900E3B3938F41 ] SophosManagementHostService C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe
20:24:44.0741 2116 SophosManagementHostService - ok
20:24:44.0761 2116 [ D0BC85E0D204E42EE54867A8E6EFE7A6 ] SophosPatchEndpointCommunicator C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe
20:24:44.0761 2116 SophosPatchEndpointCommunicator - ok
20:24:44.0781 2116 [ AA87E68657D0AD06C5922A01D01B47FB ] SophosPatchOrchestratorService C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe
20:24:44.0791 2116 SophosPatchOrchestratorService - ok
20:24:44.0811 2116 [ C5816593AC80CA028EBD8A481E70B8DB ] SophosPatchServerCommunicator C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe
20:24:44.0811 2116 SophosPatchServerCommunicator - ok
20:24:44.0821 2116 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:24:44.0821 2116 spldr - ok
20:24:44.0851 2116 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
20:24:44.0851 2116 Spooler - ok
20:24:44.0921 2116 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
20:24:44.0951 2116 sppsvc - ok
20:24:44.0991 2116 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:24:44.0991 2116 sppuinotify - ok
20:24:45.0051 2116 [ A5609D0178B2FEC118A7F4A24ECD1BFB ] SQLAgent$SOPHOS c:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE
20:24:45.0061 2116 SQLAgent$SOPHOS - ok
20:24:45.0111 2116 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:24:45.0111 2116 SQLBrowser - ok
20:24:45.0171 2116 [ C298D989D717CB153702E397B6D9AAAD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:24:45.0171 2116 SQLWriter - ok
20:24:45.0211 2116 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:24:45.0211 2116 srv - ok
20:24:45.0231 2116 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:24:45.0231 2116 srv2 - ok
20:24:45.0251 2116 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:24:45.0251 2116 srvnet - ok
20:24:45.0271 2116 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:24:45.0271 2116 SSDPSRV - ok
20:24:45.0281 2116 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:24:45.0281 2116 SstpSvc - ok
20:24:45.0311 2116 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:24:45.0321 2116 stexstor - ok
20:24:45.0351 2116 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
20:24:45.0351 2116 stisvc - ok
20:24:45.0361 2116 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
20:24:45.0361 2116 storflt - ok
20:24:45.0371 2116 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
20:24:45.0371 2116 storvsc - ok
20:24:45.0391 2116 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:24:45.0391 2116 swenum - ok
20:24:45.0401 2116 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:24:45.0411 2116 swprv - ok
20:24:45.0451 2116 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
20:24:45.0471 2116 SysMain - ok
20:24:45.0481 2116 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:24:45.0481 2116 TabletInputService - ok
20:24:45.0501 2116 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
20:24:45.0511 2116 TapiSrv - ok
20:24:45.0521 2116 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:24:45.0521 2116 TBS - ok
20:24:45.0571 2116 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:24:45.0591 2116 Tcpip - ok
20:24:45.0621 2116 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:24:45.0631 2116 TCPIP6 - ok
20:24:45.0661 2116 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:24:45.0661 2116 tcpipreg - ok
20:24:45.0671 2116 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:24:45.0671 2116 TDPIPE - ok
20:24:45.0701 2116 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:24:45.0701 2116 TDTCP - ok
20:24:45.0711 2116 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:24:45.0721 2116 tdx - ok
20:24:45.0731 2116 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:24:45.0731 2116 TermDD - ok
20:24:45.0751 2116 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
20:24:45.0761 2116 TermService - ok
20:24:45.0771 2116 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:24:45.0771 2116 Themes - ok
20:24:45.0801 2116 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:24:45.0801 2116 THREADORDER - ok
20:24:45.0811 2116 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:24:45.0821 2116 TrkWks - ok
20:24:45.0881 2116 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:24:45.0881 2116 TrustedInstaller - ok
20:24:45.0881 2116 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:45.0891 2116 tssecsrv - ok
20:24:45.0901 2116 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:24:45.0901 2116 tunnel - ok
20:24:45.0921 2116 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:24:45.0921 2116 uagp35 - ok
20:24:45.0941 2116 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:24:45.0941 2116 udfs - ok
20:24:45.0961 2116 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:24:45.0961 2116 UI0Detect - ok
20:24:45.0981 2116 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
20:24:45.0981 2116 uliagpkx - ok
20:24:45.0991 2116 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:24:45.0991 2116 umbus - ok
20:24:46.0001 2116 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:24:46.0001 2116 UmPass - ok
20:24:46.0021 2116 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
20:24:46.0031 2116 UmRdpService - ok
20:24:46.0041 2116 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:24:46.0051 2116 upnphost - ok
20:24:46.0071 2116 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:24:46.0071 2116 USBAAPL64 - ok
20:24:46.0111 2116 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:24:46.0111 2116 usbaudio - ok
20:24:46.0121 2116 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:24:46.0121 2116 usbccgp - ok
20:24:46.0141 2116 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
20:24:46.0141 2116 usbcir - ok
20:24:46.0151 2116 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:24:46.0161 2116 usbehci - ok
20:24:46.0201 2116 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:24:46.0201 2116 usbhub - ok
20:24:46.0211 2116 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:24:46.0211 2116 usbohci - ok
20:24:46.0221 2116 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:24:46.0221 2116 usbprint - ok
20:24:46.0241 2116 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:24:46.0241 2116 usbscan - ok
20:24:46.0251 2116 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:46.0251 2116 USBSTOR - ok
20:24:46.0271 2116 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:24:46.0271 2116 usbuhci - ok
20:24:46.0301 2116 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:24:46.0301 2116 UxSms - ok
20:24:46.0311 2116 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
20:24:46.0311 2116 VaultSvc - ok
20:24:46.0331 2116 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
20:24:46.0331 2116 vdrvroot - ok
20:24:46.0361 2116 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
20:24:46.0371 2116 vds - ok
20:24:46.0381 2116 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:46.0391 2116 vga - ok
20:24:46.0411 2116 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:24:46.0411 2116 VgaSave - ok
20:24:46.0421 2116 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
20:24:46.0431 2116 vhdmp - ok
20:24:46.0441 2116 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
20:24:46.0441 2116 viaide - ok
20:24:46.0461 2116 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
20:24:46.0461 2116 vmbus - ok
20:24:46.0471 2116 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
20:24:46.0471 2116 VMBusHID - ok
20:24:46.0491 2116 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
20:24:46.0491 2116 volmgr - ok
20:24:46.0511 2116 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:24:46.0511 2116 volmgrx - ok
20:24:46.0531 2116 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
20:24:46.0531 2116 volsnap - ok
20:24:46.0551 2116 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:46.0551 2116 vsmraid - ok
20:24:46.0581 2116 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
20:24:46.0611 2116 VSS - ok
20:24:46.0621 2116 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:24:46.0621 2116 vwifibus - ok
20:24:46.0631 2116 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:24:46.0631 2116 vwififlt - ok
20:24:46.0651 2116 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:24:46.0651 2116 W32Time - ok
20:24:46.0671 2116 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:24:46.0681 2116 WacomPen - ok
20:24:46.0731 2116 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:24:46.0731 2116 WANARP - ok
20:24:46.0741 2116 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:24:46.0741 2116 Wanarpv6 - ok
20:24:46.0771 2116 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
20:24:46.0791 2116 wbengine - ok
20:24:46.0811 2116 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:24:46.0811 2116 WbioSrvc - ok
20:24:46.0831 2116 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:24:46.0831 2116 wcncsvc - ok
20:24:46.0871 2116 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:24:46.0871 2116 WcsPlugInService - ok
20:24:46.0891 2116 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:24:46.0891 2116 Wd - ok
20:24:46.0911 2116 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:24:46.0921 2116 Wdf01000 - ok
20:24:46.0951 2116 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:24:46.0951 2116 WdiServiceHost - ok
20:24:46.0951 2116 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:24:46.0961 2116 WdiSystemHost - ok
20:24:46.0981 2116 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
20:24:46.0991 2116 WebClient - ok
20:24:47.0011 2116 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:24:47.0021 2116 Wecsvc - ok
20:24:47.0041 2116 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:24:47.0041 2116 wercplsupport - ok
20:24:47.0061 2116 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:24:47.0071 2116 WerSvc - ok
20:24:47.0081 2116 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:24:47.0081 2116 WfpLwf - ok
20:24:47.0091 2116 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:24:47.0101 2116 WIMMount - ok
20:24:47.0111 2116 WinDefend - ok
20:24:47.0121 2116 WinHttpAutoProxySvc - ok
20:24:47.0161 2116 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:24:47.0171 2116 Winmgmt - ok
20:24:47.0241 2116 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
20:24:47.0271 2116 WinRM - ok
20:24:47.0301 2116 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:24:47.0301 2116 WinUsb - ok
20:24:47.0331 2116 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:24:47.0341 2116 Wlansvc - ok
20:24:47.0341 2116 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:24:47.0341 2116 WmiAcpi - ok
20:24:47.0371 2116 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:24:47.0371 2116 wmiApSrv - ok
20:24:47.0381 2116 WMPNetworkSvc - ok
20:24:47.0391 2116 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:24:47.0391 2116 WPCSvc - ok
20:24:47.0401 2116 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:24:47.0401 2116 WPDBusEnum - ok
20:24:47.0411 2116 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:24:47.0411 2116 ws2ifsl - ok
20:24:47.0451 2116 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:24:47.0451 2116 wscsvc - ok
20:24:47.0461 2116 WSearch - ok
20:24:47.0601 2116 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:24:47.0631 2116 wuauserv - ok
20:24:47.0651 2116 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:24:47.0651 2116 WudfPf - ok
20:24:47.0681 2116 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:24:47.0681 2116 WUDFRd - ok
20:24:47.0691 2116 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:24:47.0691 2116 wudfsvc - ok
20:24:47.0711 2116 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:24:47.0711 2116 WwanSvc - ok
20:24:47.0741 2116 ================ Scan global ===============================
20:24:47.0761 2116 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:24:47.0801 2116 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
20:24:47.0811 2116 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
20:24:47.0821 2116 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:24:47.0851 2116 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:24:47.0851 2116 [Global] - ok
20:24:47.0851 2116 ================ Scan MBR ==================================
20:24:47.0891 2116 [ 0F84F2562620C40D8A3E1908C8075675 ] \Device\Harddisk0\DR0
20:24:47.0891 2116 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:24:47.0951 2116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:24:47.0951 2116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:24:47.0951 2116 ================ Scan VBR ==================================
20:24:47.0951 2116 [ B500B05005FFF3872CC13A7D176C531B ] \Device\Harddisk0\DR0\Partition1
20:24:47.0971 2116 \Device\Harddisk0\DR0\Partition1 - ok
20:24:47.0991 2116 [ 359DFC2FEAD303787C79170B040CE9DD ] \Device\Harddisk0\DR0\Partition2
20:24:48.0011 2116 \Device\Harddisk0\DR0\Partition2 - ok
20:24:48.0011 2116 [ 1DCD00F7961C9059EFBD44E74902AD78 ] \Device\Harddisk0\DR0\Partition3
20:24:48.0011 2116 \Device\Harddisk0\DR0\Partition3 - ok
20:24:48.0011 2116 ============================================================
20:24:48.0011 2116 Scan finished
20:24:48.0011 2116 ============================================================
20:24:48.0021 4660 Detected object count: 1
20:24:48.0021 4660 Actual detected object count: 1
20:24:51.0861 4660 \Device\Harddisk0\DR0\# - copied to quarantine
20:24:51.0861 4660 \Device\Harddisk0\DR0 - copied to quarantine
20:24:51.0881 4660 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:24:51.0891 4660 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:24:51.0901 4660 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:24:51.0901 4660 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:24:51.0981 4660 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:24:52.0201 4660 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:24:52.0201 4660 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:24:52.0211 4660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:24:52.0211 4660 \Device\Harddisk0\DR0 - ok
20:24:57.0761 4660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:25:07.0181 6440 Deinitialize success

20:26:44.0619 2152 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:26:46.0619 2152 ============================================================
20:26:46.0619 2152 Current date / time: 2012/10/09 20:26:46.0619
20:26:46.0619 2152 SystemInfo:
20:26:46.0619 2152
20:26:46.0619 2152 OS Version: 6.1.7600 ServicePack: 0.0
20:26:46.0619 2152 Product type: Workstation
20:26:46.0619 2152 ComputerName: LINDSAY-PC
20:26:46.0619 2152 UserName: Admin
20:26:46.0619 2152 Windows directory: C:\Windows
20:26:46.0619 2152 System windows directory: C:\Windows
20:26:46.0619 2152 Running under WOW64
20:26:46.0619 2152 Processor architecture: Intel x64
20:26:46.0619 2152 Number of processors: 4
20:26:46.0619 2152 Page size: 0x1000
20:26:46.0619 2152 Boot type: Normal boot
20:26:46.0619 2152 ============================================================
20:26:48.0851 2152 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:26:48.0851 2152 ============================================================
20:26:48.0851 2152 \Device\Harddisk0\DR0:
20:26:48.0851 2152 MBR partitions:
20:26:48.0851 2152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:26:48.0851 2152 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
20:26:48.0851 2152 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
20:26:48.0851 2152 ============================================================
20:26:48.0898 2152 C: <-> \Device\Harddisk0\DR0\Partition3
20:26:49.0007 2152 D: <-> \Device\Harddisk0\DR0\Partition2
20:26:49.0007 2152 ============================================================
20:26:49.0007 2152 Initialize success
20:26:49.0007 2152 ============================================================

Same ads after running tdskiller. Same error message. I never had these audio ads in the background before yesterday.

20:45:15.0000 4936 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:45:17.0012 4936 ============================================================
20:45:17.0012 4936 Current date / time: 2012/10/09 20:45:17.0012
20:45:17.0012 4936 SystemInfo:
20:45:17.0012 4936
20:45:17.0012 4936 OS Version: 6.1.7600 ServicePack: 0.0
20:45:17.0012 4936 Product type: Workstation
20:45:17.0012 4936 ComputerName: LINDSAY-PC
20:45:17.0012 4936 UserName: Admin
20:45:17.0012 4936 Windows directory: C:\Windows
20:45:17.0012 4936 System windows directory: C:\Windows
20:45:17.0012 4936 Running under WOW64
20:45:17.0012 4936 Processor architecture: Intel x64
20:45:17.0012 4936 Number of processors: 4
20:45:17.0012 4936 Page size: 0x1000
20:45:17.0012 4936 Boot type: Normal boot
20:45:17.0012 4936 ============================================================
20:45:17.0792 4936 BG loaded
20:45:17.0964 4936 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:45:17.0964 4936 ============================================================
20:45:17.0964 4936 \Device\Harddisk0\DR0:
20:45:17.0964 4936 MBR partitions:
20:45:17.0964 4936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:45:17.0964 4936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
20:45:17.0964 4936 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
20:45:17.0964 4936 ============================================================
20:45:18.0011 4936 C: <-> \Device\Harddisk0\DR0\Partition3
20:45:18.0058 4936 D: <-> \Device\Harddisk0\DR0\Partition2
20:45:18.0058 4936 ============================================================
20:45:18.0058 4936 Initialize success
20:45:18.0058 4936 ============================================================
20:46:26.0150 4872 ============================================================
20:46:26.0150 4872 Scan started
20:46:26.0150 4872 Mode: Manual;
20:46:26.0150 4872 ============================================================
20:46:27.0242 4872 ================ Scan system memory ========================
20:46:27.0242 4872 System memory - ok
20:46:27.0242 4872 ================ Scan services =============================
20:46:27.0305 4872 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:46:27.0305 4872 !SASCORE - ok
20:46:27.0445 4872 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:46:27.0445 4872 1394ohci - ok
20:46:27.0476 4872 [ F146E2BA475893DD77B2370DC1211FC6 ] 26916800 C:\Windows\system32\drivers\01598415.sys
20:46:27.0476 4872 26916800 - ok
20:46:27.0507 4872 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
20:46:27.0507 4872 ACPI - ok
20:46:27.0539 4872 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
20:46:27.0539 4872 AcpiPmi - ok
20:46:27.0648 4872 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:46:27.0648 4872 AdobeFlashPlayerUpdateSvc - ok
20:46:27.0663 4872 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:46:27.0679 4872 adp94xx - ok
20:46:27.0695 4872 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:46:27.0695 4872 adpahci - ok
20:46:27.0710 4872 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:46:27.0710 4872 adpu320 - ok
20:46:27.0726 4872 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:46:27.0741 4872 AeLookupSvc - ok
20:46:27.0773 4872 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
20:46:27.0773 4872 AFD - ok
20:46:27.0788 4872 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
20:46:27.0788 4872 agp440 - ok
20:46:27.0819 4872 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:46:27.0819 4872 ALG - ok
20:46:27.0819 4872 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
20:46:27.0819 4872 aliide - ok
20:46:27.0835 4872 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
20:46:27.0835 4872 amdide - ok
20:46:27.0851 4872 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:46:27.0851 4872 AmdK8 - ok
20:46:27.0882 4872 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:46:27.0882 4872 AmdPPM - ok
20:46:27.0897 4872 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
20:46:27.0897 4872 amdsata - ok
20:46:27.0913 4872 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:46:27.0913 4872 amdsbs - ok
20:46:27.0929 4872 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
20:46:27.0929 4872 amdxata - ok
20:46:27.0944 4872 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
20:46:27.0944 4872 AppID - ok
20:46:27.0975 4872 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:46:27.0975 4872 AppIDSvc - ok
20:46:28.0007 4872 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
20:46:28.0007 4872 Appinfo - ok
20:46:28.0100 4872 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:46:28.0100 4872 Apple Mobile Device - ok
20:46:28.0131 4872 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:46:28.0131 4872 AppMgmt - ok
20:46:28.0147 4872 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:46:28.0147 4872 arc - ok
20:46:28.0163 4872 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:46:28.0163 4872 arcsas - ok
20:46:28.0194 4872 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:46:28.0194 4872 AsyncMac - ok
20:46:28.0194 4872 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
20:46:28.0194 4872 atapi - ok
20:46:28.0287 4872 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:46:28.0303 4872 atikmdag - ok
20:46:28.0350 4872 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:46:28.0350 4872 AudioEndpointBuilder - ok
20:46:28.0381 4872 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:46:28.0381 4872 AudioSrv - ok
20:46:28.0428 4872 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:46:28.0428 4872 AxInstSV - ok
20:46:28.0459 4872 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:46:28.0459 4872 b06bdrv - ok
20:46:28.0475 4872 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:46:28.0475 4872 b57nd60a - ok
20:46:28.0490 4872 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:46:28.0506 4872 BDESVC - ok
20:46:28.0506 4872 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:46:28.0521 4872 Beep - ok
20:46:28.0537 4872 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
20:46:28.0553 4872 BFE - ok
20:46:28.0584 4872 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
20:46:28.0599 4872 BITS - ok
20:46:28.0631 4872 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:46:28.0646 4872 blbdrive - ok
20:46:28.0724 4872 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
20:46:28.0724 4872 Bonjour Service - ok
20:46:28.0787 4872 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:46:28.0787 4872 bowser - ok
20:46:28.0787 4872 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:46:28.0787 4872 BrFiltLo - ok
20:46:28.0802 4872 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:46:28.0802 4872 BrFiltUp - ok
20:46:28.0818 4872 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:46:28.0818 4872 BridgeMP - ok
20:46:28.0833 4872 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
20:46:28.0833 4872 Browser - ok
20:46:28.0849 4872 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:46:28.0849 4872 Brserid - ok
20:46:28.0865 4872 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:46:28.0865 4872 BrSerWdm - ok
20:46:28.0880 4872 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:46:28.0880 4872 BrUsbMdm - ok
20:46:28.0880 4872 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:46:28.0880 4872 BrUsbSer - ok
20:46:28.0896 4872 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:46:28.0896 4872 BTHMODEM - ok
20:46:28.0911 4872 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:46:28.0911 4872 bthserv - ok
20:46:28.0927 4872 catchme - ok
20:46:28.0958 4872 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:46:28.0958 4872 cdfs - ok
20:46:28.0989 4872 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:46:28.0989 4872 cdrom - ok
20:46:29.0005 4872 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
20:46:29.0005 4872 CertPropSvc - ok
20:46:29.0036 4872 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:46:29.0036 4872 circlass - ok
20:46:29.0052 4872 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:46:29.0052 4872 CLFS - ok
20:46:29.0114 4872 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:29.0114 4872 clr_optimization_v2.0.50727_32 - ok
20:46:29.0161 4872 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:46:29.0161 4872 clr_optimization_v2.0.50727_64 - ok
20:46:29.0177 4872 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:46:29.0177 4872 CmBatt - ok
20:46:29.0177 4872 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
20:46:29.0177 4872 cmdide - ok
20:46:29.0223 4872 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
20:46:29.0223 4872 CNG - ok
20:46:29.0270 4872 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:46:29.0270 4872 Compbatt - ok
20:46:29.0301 4872 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:46:29.0301 4872 CompositeBus - ok
20:46:29.0348 4872 COMSysApp - ok
20:46:29.0411 4872 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
20:46:29.0411 4872 cpuz134 - ok
20:46:29.0442 4872 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:46:29.0442 4872 crcdisk - ok
20:46:29.0551 4872 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:46:29.0551 4872 CryptSvc - ok
20:46:29.0691 4872 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
20:46:29.0691 4872 CSC - ok
20:46:29.0863 4872 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
20:46:29.0863 4872 CscService - ok
20:46:29.0988 4872 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:46:30.0003 4872 DcomLaunch - ok
20:46:30.0081 4872 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:46:30.0081 4872 defragsvc - ok
20:46:30.0097 4872 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:46:30.0097 4872 DfsC - ok
20:46:30.0144 4872 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
20:46:30.0144 4872 Dhcp - ok
20:46:30.0159 4872 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:46:30.0159 4872 discache - ok
20:46:30.0191 4872 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:46:30.0191 4872 Disk - ok
20:46:30.0206 4872 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:46:30.0206 4872 Dnscache - ok
20:46:30.0222 4872 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
20:46:30.0222 4872 dot3svc - ok
20:46:30.0269 4872 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
20:46:30.0269 4872 DPS - ok
20:46:30.0331 4872 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:46:30.0331 4872 drmkaud - ok
20:46:30.0378 4872 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:46:30.0378 4872 DXGKrnl - ok
20:46:30.0518 4872 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:46:30.0518 4872 EapHost - ok
20:46:30.0627 4872 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:46:30.0643 4872 ebdrv - ok
20:46:30.0674 4872 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
20:46:30.0674 4872 EFS - ok
20:46:30.0721 4872 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:46:30.0721 4872 ehRecvr - ok
20:46:30.0768 4872 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:46:30.0768 4872 ehSched - ok
20:46:30.0815 4872 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:46:30.0815 4872 elxstor - ok
20:46:30.0893 4872 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
20:46:30.0893 4872 EPSON_EB_RPCV4_01 - ok
20:46:30.0924 4872 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
20:46:30.0924 4872 EPSON_PM_RPCV4_01 - ok
20:46:30.0939 4872 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
20:46:30.0939 4872 ErrDev - ok
20:46:30.0971 4872 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:46:30.0971 4872 EventSystem - ok
20:46:31.0002 4872 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:46:31.0002 4872 exfat - ok
20:46:31.0017 4872 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:46:31.0017 4872 fastfat - ok
20:46:31.0064 4872 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
20:46:31.0064 4872 Fax - ok
20:46:31.0080 4872 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:46:31.0080 4872 fdc - ok
20:46:31.0095 4872 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:46:31.0095 4872 fdPHost - ok
20:46:31.0095 4872 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:46:31.0095 4872 FDResPub - ok
20:46:31.0111 4872 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:46:31.0111 4872 FileInfo - ok
20:46:31.0127 4872 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:46:31.0127 4872 Filetrace - ok
20:46:31.0173 4872 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:46:31.0189 4872 FLEXnet Licensing Service - ok
20:46:31.0189 4872 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:46:31.0189 4872 flpydisk - ok
20:46:31.0205 4872 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:46:31.0205 4872 FltMgr - ok
20:46:31.0236 4872 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
20:46:31.0251 4872 FontCache - ok
20:46:31.0298 4872 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:46:31.0298 4872 FontCache3.0.0.0 - ok
20:46:31.0329 4872 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:46:31.0329 4872 FsDepends - ok
20:46:31.0345 4872 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:46:31.0345 4872 Fs_Rec - ok
20:46:31.0361 4872 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:46:31.0361 4872 fvevol - ok
20:46:31.0376 4872 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:46:31.0376 4872 gagp30kx - ok
20:46:31.0392 4872 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:46:31.0392 4872 GEARAspiWDM - ok
20:46:31.0423 4872 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
20:46:31.0423 4872 gpsvc - ok
20:46:31.0439 4872 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:46:31.0439 4872 hcw85cir - ok
20:46:31.0470 4872 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:46:31.0470 4872 HdAudAddService - ok
20:46:31.0517 4872 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:46:31.0532 4872 HDAudBus - ok
20:46:31.0532 4872 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:46:31.0532 4872 HidBatt - ok
20:46:31.0548 4872 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:46:31.0548 4872 HidBth - ok
20:46:31.0563 4872 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:46:31.0563 4872 HidIr - ok
20:46:31.0579 4872 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:46:31.0579 4872 hidserv - ok
20:46:31.0610 4872 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:46:31.0610 4872 HidUsb - ok
20:46:31.0641 4872 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:46:31.0641 4872 hkmsvc - ok
20:46:31.0657 4872 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:46:31.0657 4872 HomeGroupListener - ok
20:46:31.0688 4872 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:46:31.0688 4872 HomeGroupProvider - ok
20:46:31.0704 4872 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
20:46:31.0704 4872 HpSAMD - ok
20:46:31.0735 4872 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:46:31.0735 4872 HTTP - ok
20:46:31.0751 4872 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:46:31.0751 4872 hwpolicy - ok
20:46:31.0782 4872 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:46:31.0782 4872 i8042prt - ok
20:46:31.0797 4872 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
20:46:31.0797 4872 iaStorV - ok
20:46:31.0875 4872 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:46:31.0875 4872 IDriverT - ok
20:46:31.0907 4872 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:46:31.0922 4872 idsvc - ok
20:46:31.0922 4872 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:46:31.0922 4872 iirsp - ok
20:46:31.0953 4872 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
20:46:31.0969 4872 IKEEXT - ok
20:46:31.0969 4872 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
20:46:31.0969 4872 intelide - ok
20:46:31.0969 4872 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:46:31.0985 4872 intelppm - ok
20:46:31.0985 4872 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:46:31.0985 4872 IPBusEnum - ok
20:46:32.0016 4872 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:46:32.0016 4872 IpFilterDriver - ok
20:46:32.0047 4872 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:46:32.0047 4872 iphlpsvc - ok
20:46:32.0063 4872 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:46:32.0063 4872 IPMIDRV - ok
20:46:32.0078 4872 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:46:32.0078 4872 IPNAT - ok
20:46:32.0141 4872 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:46:32.0141 4872 iPod Service - ok
20:46:32.0156 4872 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:46:32.0156 4872 IRENUM - ok
20:46:32.0172 4872 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
20:46:32.0172 4872 isapnp - ok
20:46:32.0187 4872 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:46:32.0187 4872 iScsiPrt - ok
20:46:32.0203 4872 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:46:32.0203 4872 kbdclass - ok
20:46:32.0234 4872 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:46:32.0234 4872 kbdhid - ok
20:46:32.0250 4872 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
20:46:32.0250 4872 KeyIso - ok
20:46:32.0265 4872 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:46:32.0265 4872 KSecDD - ok
20:46:32.0328 4872 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:46:32.0328 4872 KSecPkg - ok
20:46:32.0343 4872 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:46:32.0343 4872 ksthunk - ok
20:46:32.0437 4872 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:46:32.0531 4872 KtmRm - ok
20:46:32.0593 4872 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
20:46:32.0593 4872 L1E - ok
20:46:32.0624 4872 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:46:32.0624 4872 LanmanServer - ok
20:46:32.0655 4872 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:46:32.0655 4872 LanmanWorkstation - ok
20:46:32.0687 4872 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:46:32.0687 4872 lltdio - ok
20:46:32.0733 4872 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:46:32.0733 4872 lltdsvc - ok
20:46:32.0749 4872 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:46:32.0749 4872 lmhosts - ok
20:46:32.0780 4872 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:46:32.0780 4872 LSI_FC - ok
20:46:32.0796 4872 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:46:32.0796 4872 LSI_SAS - ok
20:46:32.0796 4872 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:46:32.0796 4872 LSI_SAS2 - ok
20:46:32.0796 4872 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:46:32.0796 4872 LSI_SCSI - ok
20:46:32.0811 4872 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:46:32.0811 4872 luafv - ok
20:46:32.0827 4872 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:46:32.0827 4872 MBAMProtector - ok
20:46:32.0874 4872 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:46:32.0874 4872 MBAMScheduler - ok
20:46:32.0889 4872 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:46:32.0905 4872 MBAMService - ok
20:46:32.0921 4872 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:46:32.0921 4872 Mcx2Svc - ok
20:46:32.0936 4872 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:46:32.0936 4872 megasas - ok
20:46:32.0952 4872 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:46:32.0952 4872 MegaSR - ok
20:46:32.0999 4872 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:46:32.0999 4872 Microsoft Office Groove Audit Service - ok
20:46:33.0014 4872 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:46:33.0014 4872 MMCSS - ok
20:46:33.0030 4872 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:46:33.0030 4872 Modem - ok
20:46:33.0061 4872 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:46:33.0061 4872 monitor - ok
20:46:33.0077 4872 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:46:33.0077 4872 mouclass - ok
20:46:33.0077 4872 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:46:33.0077 4872 mouhid - ok
20:46:33.0092 4872 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:46:33.0092 4872 mountmgr - ok
20:46:33.0139 4872 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:46:33.0139 4872 MozillaMaintenance - ok
20:46:33.0155 4872 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
20:46:33.0155 4872 mpio - ok
20:46:33.0170 4872 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:46:33.0170 4872 mpsdrv - ok
20:46:33.0201 4872 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:46:33.0201 4872 MpsSvc - ok
20:46:33.0233 4872 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys
20:46:33.0233 4872 MQAC - ok
20:46:33.0248 4872 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:46:33.0248 4872 MRxDAV - ok