Help, computer infected! Log files requested in sticky are pasted

Solved
By jestein
Sep 26, 2012
  1. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    ComboFix 12-10-04.02 - Admin 10/04/2012 13:13:50.3.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2519 [GMT -7:00]
    Running from: c:\users\Admin\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
    .
    .
    2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
    2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
    2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
    2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
    2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
    2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
    2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-04 05:44 . 2012-10-04 05:44 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
    2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\program files (x86)\Rosetta Stone
    2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\programdata\RosettaStoneLtdBackup
    2012-10-03 06:32 . 2012-10-03 06:32 -------- d-----w- c:\programdata\FLEXnet
    2012-10-03 06:26 . 2012-10-03 06:26 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
    2012-10-03 06:23 . 2012-10-04 05:34 -------- d-----w- c:\programdata\Rosetta Stone
    2012-10-03 06:07 . 2012-10-03 07:12 -------- d-----w- c:\program files (x86)\Google
    2012-10-03 06:07 . 2012-10-03 06:07 4096000 ----a-w- c:\program files (x86)\GUT17D6.tmp
    2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\users\Admin\AppData\Local\Google
    2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\program files (x86)\GUM17D5.tmp
    2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
    2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
    2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
    2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
    2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
    2012-09-27 05:31 . 2012-10-04 19:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
    2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
    2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
    2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
    2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
    2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
    2012-09-17 00:44 . 2012-10-04 20:03 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
    2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
    2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
    2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
    2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
    2012-09-13 03:35 . 2012-09-13 03:35 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-13 03:35 . 2012-09-13 03:34 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-13 03:34 . 2012-09-13 03:34 -------- d-----w- c:\program files (x86)\Java
    2012-09-13 03:33 . 2012-09-13 03:33 -------- d-----w- c:\programdata\McAfee
    2012-09-13 03:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-09-13 03:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-09-13 03:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-09-13 03:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-09-13 03:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-09-13 03:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-09-13 03:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-09-13 03:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-09-13 03:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-09-13 03:26 . 2012-09-13 03:26 -------- d-----w- c:\programdata\!SASCORE
    2012-09-13 03:22 . 2012-09-13 03:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-13 02:46 . 2012-09-13 02:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
    2012-09-06 03:32 . 2012-09-06 03:32 -------- d-----w- c:\users\Lindsay\AppData\Roaming\ZoomBrowser EX
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-21 08:12 . 2012-04-14 02:26 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-21 08:12 . 2012-02-04 22:08 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
    S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
    S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
    S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 24286133
    *Deregistered* - 24286133
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:12]
    .
    2012-10-04 c:\windows\Tasks\Sophos Patch Feed.job
    - c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
    .
    2012-10-04 c:\windows\Tasks\Sophos Patch Purge.job
    - c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: jcatsdefender.com\caaoc
    Trusted Zone: jcatsdefender.com\traincaaoc
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6F2055D6-ADB1-4FDC-94C0-8138DA23D0F4&n=77ee1931&ind=2012092721&p2=^HJ^xdm003^S03103^us&si=CNu90_qf17ICFURxQgodmgQAmg&searchfor=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-24286133.sys
    SafeBoot-30756176.sys
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
    "ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-04 13:23:35
    ComboFix-quarantined-files.txt 2012-10-04 20:23
    ComboFix2.txt 2012-10-03 05:49
    .
    Pre-Run: 485,054,640,128 bytes free
    Post-Run: 485,179,998,208 bytes free
    .
    - - End Of File - - ACDB10A95B1C7F2B11084A546419161B
  2. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    No longer getting notice from MBAM about any threats when browsing!!!
  3. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Very well...

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\program files (x86)\GUT17D6.tmp
    c:\program files (x86)\GUM17D5.tmp
    
    FireFox::
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6F2055D6-ADB1-4FDC-94C0-8138DA23D0F4&n=77ee1931&ind=2012092721&p2=^HJ^xdm003^S03103^us&si=CNu90_qf17ICFURxQgodmgQAmg&searchfor=
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  4. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    I need more time, please don't lock the thread. Thanks!
  5. Broni

    Broni Malware Annihilator Posts: 46,164   +251

  6. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    Thanks, I was out of town. So the computer is way faster, but here's the weird thing. There are like ads running in the background that I can hear without any windows open.

    ComboFix 12-10-08.03 - Admin 10/08/2012 21:29:44.4.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2461 [GMT -7:00]
    Running from: c:\users\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\users\Admin\Desktop\CFscript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\program files (x86)\GUM17D5.tmp"
    "c:\program files (x86)\GUT17D6.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\GUT17D6.tmp
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
    .
    .
    2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
    2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
    2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
    2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
    2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
    2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
    2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-03 06:07 . 2012-10-03 07:12 -------- d-----w- c:\program files (x86)\Google
    2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\users\Admin\AppData\Local\Google
    2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\program files (x86)\GUM17D5.tmp
    2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
    2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
    2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
    2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
    2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
    2012-09-27 05:31 . 2012-10-04 19:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
    2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
    2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
    2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
    2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
    2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
    2012-09-17 00:44 . 2012-10-09 03:57 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
    2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
    2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
    2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
    2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
    2012-09-13 03:35 . 2012-09-13 03:35 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-13 03:35 . 2012-09-13 03:34 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-13 03:34 . 2012-09-13 03:34 -------- d-----w- c:\program files (x86)\Java
    2012-09-13 03:33 . 2012-09-13 03:33 -------- d-----w- c:\programdata\McAfee
    2012-09-13 03:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-09-13 03:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-09-13 03:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-09-13 03:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-09-13 03:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-09-13 03:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-09-13 03:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-09-13 03:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-09-13 03:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-09-13 03:26 . 2012-09-13 03:26 -------- d-----w- c:\programdata\!SASCORE
    2012-09-13 03:22 . 2012-09-13 03:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-13 02:46 . 2012-09-13 02:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 04:12 . 2012-04-14 02:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 04:12 . 2012-02-04 22:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-04 129976]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
    S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
    S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
    S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 04:12]
    .
    2012-10-09 c:\windows\Tasks\Sophos Patch Feed.job
    - c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
    .
    2012-10-05 c:\windows\Tasks\Sophos Patch Purge.job
    - c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: jcatsdefender.com\caaoc
    Trusted Zone: jcatsdefender.com\traincaaoc
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
    "ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-08 21:57:19
    ComboFix-quarantined-files.txt 2012-10-09 04:57
    ComboFix2.txt 2012-10-04 20:23
    ComboFix3.txt 2012-10-03 05:49
    .
    Pre-Run: 484,820,955,136 bytes free
    Post-Run: 484,435,464,192 bytes free
    .
    - - End Of File - - 51635A3F8845C0CC947779778684EA82
  7. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    Not hearing ads on reboot. I think I might be clean!


    ComboFix 12-10-08.03 - Admin 10/08/2012 21:29:44.4.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2461 [GMT -7:00]
    Running from: c:\users\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\users\Admin\Desktop\CFscript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\program files (x86)\GUM17D5.tmp"
    "c:\program files (x86)\GUT17D6.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\GUT17D6.tmp
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
    .
    .
    2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
    2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
    2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
    2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
    2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
    2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
    2012-10-09 04:40 . 2012-10-09 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-03 06:07 . 2012-10-03 07:12 -------- d-----w- c:\program files (x86)\Google
    2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\users\Admin\AppData\Local\Google
    2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\program files (x86)\GUM17D5.tmp
    2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
    2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
    2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
    2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
    2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
    2012-09-27 05:31 . 2012-10-04 19:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
    2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
    2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
    2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
    2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
    2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
    2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
    2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
    2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
    2012-09-17 00:44 . 2012-10-09 03:57 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
    2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
    2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
    2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
    2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
    2012-09-13 03:35 . 2012-09-13 03:35 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-13 03:35 . 2012-09-13 03:34 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-13 03:34 . 2012-09-13 03:34 -------- d-----w- c:\program files (x86)\Java
    2012-09-13 03:33 . 2012-09-13 03:33 -------- d-----w- c:\programdata\McAfee
    2012-09-13 03:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-09-13 03:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-09-13 03:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-09-13 03:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-09-13 03:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-09-13 03:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-09-13 03:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-09-13 03:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-09-13 03:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-09-13 03:26 . 2012-09-13 03:26 -------- d-----w- c:\programdata\!SASCORE
    2012-09-13 03:22 . 2012-09-13 03:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-13 02:46 . 2012-09-13 02:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 04:12 . 2012-04-14 02:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 04:12 . 2012-02-04 22:08 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-04 129976]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
    S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
    S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
    S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 04:12]
    .
    2012-10-09 c:\windows\Tasks\Sophos Patch Feed.job
    - c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
    .
    2012-10-05 c:\windows\Tasks\Sophos Patch Purge.job
    - c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: jcatsdefender.com\caaoc
    Trusted Zone: jcatsdefender.com\traincaaoc
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
    "ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-08 21:57:19
    ComboFix-quarantined-files.txt 2012-10-09 04:57
    ComboFix2.txt 2012-10-04 20:23
    ComboFix3.txt 2012-10-03 05:49
    .
    Pre-Run: 484,820,955,136 bytes free
    Post-Run: 484,435,464,192 bytes free
    .
    - - End Of File - - 51635A3F8845C0CC947779778684EA82
  8. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    Oh no. Ads are back! Mywebsearch is back. Message is back:

    Malwarebytes Anti-Malware
    Successfully blocked access to a potentially malicious website: 89.114.9.95

    Type: outgoing
    Port: 51944 Process: svchost.exe

    This thing won't die.
  9. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Re-run TDSSKiller.
  10. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    20:24:26.0368 4228 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    20:24:27.0071 4228 ============================================================
    20:24:27.0071 4228 Current date / time: 2012/10/09 20:24:27.0071
    20:24:27.0071 4228 SystemInfo:
    20:24:27.0071 4228
    20:24:27.0071 4228 OS Version: 6.1.7600 ServicePack: 0.0
    20:24:27.0071 4228 Product type: Workstation
    20:24:27.0071 4228 ComputerName: LINDSAY-PC
    20:24:27.0072 4228 UserName: Admin
    20:24:27.0072 4228 Windows directory: C:\Windows
    20:24:27.0072 4228 System windows directory: C:\Windows
    20:24:27.0072 4228 Running under WOW64
    20:24:27.0072 4228 Processor architecture: Intel x64
    20:24:27.0072 4228 Number of processors: 4
    20:24:27.0072 4228 Page size: 0x1000
    20:24:27.0072 4228 Boot type: Normal boot
    20:24:27.0072 4228 ============================================================
    20:24:28.0322 4228 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:24:28.0325 4228 ============================================================
    20:24:28.0325 4228 \Device\Harddisk0\DR0:
    20:24:28.0325 4228 MBR partitions:
    20:24:28.0325 4228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    20:24:28.0325 4228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
    20:24:28.0325 4228 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
    20:24:28.0325 4228 ============================================================
    20:24:28.0344 4228 C: <-> \Device\Harddisk0\DR0\Partition3
    20:24:28.0382 4228 D: <-> \Device\Harddisk0\DR0\Partition2
    20:24:28.0382 4228 ============================================================
    20:24:28.0382 4228 Initialize success
    20:24:28.0382 4228 ============================================================
    20:24:31.0431 2116 ============================================================
    20:24:31.0431 2116 Scan started
    20:24:31.0431 2116 Mode: Manual;
    20:24:31.0431 2116 ============================================================
    20:24:34.0131 2116 ================ Scan system memory ========================
    20:24:34.0131 2116 System memory - ok
    20:24:34.0131 2116 ================ Scan services =============================
    20:24:34.0381 2116 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    20:24:34.0381 2116 !SASCORE - ok
    20:24:34.0521 2116 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    20:24:34.0561 2116 1394ohci - ok
    20:24:34.0611 2116 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    20:24:34.0611 2116 ACPI - ok
    20:24:34.0651 2116 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    20:24:34.0661 2116 AcpiPmi - ok
    20:24:34.0841 2116 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    20:24:34.0851 2116 AdobeFlashPlayerUpdateSvc - ok
    20:24:34.0881 2116 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    20:24:34.0901 2116 adp94xx - ok
    20:24:34.0921 2116 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    20:24:34.0921 2116 adpahci - ok
    20:24:34.0971 2116 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    20:24:34.0991 2116 adpu320 - ok
    20:24:35.0061 2116 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    20:24:35.0071 2116 AeLookupSvc - ok
    20:24:35.0221 2116 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
    20:24:35.0241 2116 AFD - ok
    20:24:35.0261 2116 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    20:24:35.0261 2116 agp440 - ok
    20:24:35.0291 2116 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    20:24:35.0291 2116 ALG - ok
    20:24:35.0311 2116 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    20:24:35.0311 2116 aliide - ok
    20:24:35.0321 2116 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    20:24:35.0321 2116 amdide - ok
    20:24:35.0341 2116 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    20:24:35.0341 2116 AmdK8 - ok
    20:24:35.0361 2116 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    20:24:35.0361 2116 AmdPPM - ok
    20:24:35.0381 2116 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    20:24:35.0381 2116 amdsata - ok
    20:24:35.0411 2116 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    20:24:35.0411 2116 amdsbs - ok
    20:24:35.0431 2116 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    20:24:35.0451 2116 amdxata - ok
    20:24:35.0471 2116 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    20:24:35.0471 2116 AppID - ok
    20:24:35.0491 2116 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    20:24:35.0491 2116 AppIDSvc - ok
    20:24:35.0521 2116 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    20:24:35.0521 2116 Appinfo - ok
    20:24:35.0621 2116 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:24:35.0621 2116 Apple Mobile Device - ok
    20:24:35.0661 2116 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    20:24:35.0661 2116 AppMgmt - ok
    20:24:35.0681 2116 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    20:24:35.0681 2116 arc - ok
    20:24:35.0701 2116 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    20:24:35.0701 2116 arcsas - ok
    20:24:35.0721 2116 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    20:24:35.0721 2116 AsyncMac - ok
    20:24:35.0731 2116 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    20:24:35.0731 2116 atapi - ok
    20:24:35.0921 2116 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    20:24:35.0971 2116 atikmdag - ok
    20:24:36.0111 2116 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    20:24:36.0121 2116 AudioEndpointBuilder - ok
    20:24:36.0131 2116 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    20:24:36.0131 2116 AudioSrv - ok
    20:24:36.0151 2116 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    20:24:36.0161 2116 AxInstSV - ok
    20:24:36.0181 2116 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    20:24:36.0181 2116 b06bdrv - ok
    20:24:36.0201 2116 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    20:24:36.0201 2116 b57nd60a - ok
    20:24:36.0221 2116 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    20:24:36.0231 2116 BDESVC - ok
    20:24:36.0241 2116 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    20:24:36.0241 2116 Beep - ok
    20:24:36.0271 2116 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    20:24:36.0281 2116 BFE - ok
    20:24:36.0401 2116 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
    20:24:36.0421 2116 BITS - ok
    20:24:36.0441 2116 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    20:24:36.0441 2116 blbdrive - ok
    20:24:36.0501 2116 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    20:24:36.0501 2116 Bonjour Service - ok
    20:24:36.0531 2116 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:24:36.0531 2116 bowser - ok
    20:24:36.0541 2116 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:24:36.0541 2116 BrFiltLo - ok
    20:24:36.0551 2116 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:24:36.0551 2116 BrFiltUp - ok
    20:24:36.0561 2116 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    20:24:36.0561 2116 BridgeMP - ok
    20:24:36.0581 2116 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
    20:24:36.0581 2116 Browser - ok
    20:24:36.0601 2116 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    20:24:36.0601 2116 Brserid - ok
    20:24:36.0631 2116 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    20:24:36.0631 2116 BrSerWdm - ok
    20:24:36.0651 2116 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:24:36.0651 2116 BrUsbMdm - ok
    20:24:36.0651 2116 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    20:24:36.0651 2116 BrUsbSer - ok
    20:24:36.0671 2116 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    20:24:36.0671 2116 BTHMODEM - ok
    20:24:36.0691 2116 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    20:24:36.0691 2116 bthserv - ok
    20:24:36.0701 2116 catchme - ok
    20:24:36.0711 2116 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:24:36.0711 2116 cdfs - ok
    20:24:36.0731 2116 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    20:24:36.0731 2116 cdrom - ok
    20:24:36.0761 2116 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    20:24:36.0761 2116 CertPropSvc - ok
    20:24:36.0781 2116 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    20:24:36.0781 2116 circlass - ok
    20:24:36.0801 2116 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    20:24:36.0811 2116 CLFS - ok
    20:24:36.0861 2116 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:24:36.0871 2116 clr_optimization_v2.0.50727_32 - ok
    20:24:36.0921 2116 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:24:36.0921 2116 clr_optimization_v2.0.50727_64 - ok
    20:24:36.0931 2116 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    20:24:36.0931 2116 CmBatt - ok
    20:24:36.0941 2116 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    20:24:36.0941 2116 cmdide - ok
    20:24:36.0971 2116 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
    20:24:36.0991 2116 CNG - ok
    20:24:37.0011 2116 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    20:24:37.0031 2116 Compbatt - ok
    20:24:37.0061 2116 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    20:24:37.0061 2116 CompositeBus - ok
    20:24:37.0071 2116 COMSysApp - ok
    20:24:37.0091 2116 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
    20:24:37.0091 2116 cpuz134 - ok
    20:24:37.0101 2116 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    20:24:37.0101 2116 crcdisk - ok
    20:24:37.0151 2116 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:24:37.0151 2116 CryptSvc - ok
    20:24:37.0181 2116 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
    20:24:37.0181 2116 CSC - ok
    20:24:37.0211 2116 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
    20:24:37.0221 2116 CscService - ok
    20:24:37.0261 2116 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:24:37.0261 2116 DcomLaunch - ok
    20:24:37.0311 2116 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    20:24:37.0311 2116 defragsvc - ok
    20:24:37.0331 2116 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:24:37.0331 2116 DfsC - ok
    20:24:37.0371 2116 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    20:24:37.0371 2116 Dhcp - ok
    20:24:37.0381 2116 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    20:24:37.0381 2116 discache - ok
    20:24:37.0411 2116 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    20:24:37.0421 2116 Disk - ok
    20:24:37.0431 2116 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:24:37.0431 2116 Dnscache - ok
    20:24:37.0451 2116 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    20:24:37.0461 2116 dot3svc - ok
    20:24:37.0471 2116 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    20:24:37.0471 2116 DPS - ok
    20:24:37.0501 2116 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:24:37.0501 2116 drmkaud - ok
    20:24:37.0541 2116 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:24:37.0551 2116 DXGKrnl - ok
    20:24:37.0571 2116 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    20:24:37.0571 2116 EapHost - ok
    20:24:37.0651 2116 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    20:24:37.0681 2116 ebdrv - ok
    20:24:37.0741 2116 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
    20:24:37.0751 2116 EFS - ok
    20:24:37.0801 2116 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:24:37.0811 2116 ehRecvr - ok
    20:24:37.0821 2116 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    20:24:37.0821 2116 ehSched - ok
    20:24:37.0861 2116 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    20:24:37.0871 2116 elxstor - ok
    20:24:38.0031 2116 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    20:24:38.0061 2116 EPSON_EB_RPCV4_01 - ok
    20:24:38.0091 2116 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    20:24:38.0091 2116 EPSON_PM_RPCV4_01 - ok
    20:24:38.0101 2116 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    20:24:38.0101 2116 ErrDev - ok
    20:24:38.0121 2116 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    20:24:38.0131 2116 EventSystem - ok
    20:24:38.0151 2116 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    20:24:38.0161 2116 exfat - ok
    20:24:38.0171 2116 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    20:24:38.0171 2116 fastfat - ok
    20:24:38.0211 2116 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    20:24:38.0221 2116 Fax - ok
    20:24:38.0231 2116 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    20:24:38.0231 2116 fdc - ok
    20:24:38.0231 2116 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    20:24:38.0231 2116 fdPHost - ok
    20:24:38.0241 2116 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    20:24:38.0241 2116 FDResPub - ok
    20:24:38.0251 2116 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    20:24:38.0251 2116 FileInfo - ok
    20:24:38.0261 2116 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    20:24:38.0261 2116 Filetrace - ok
    20:24:38.0321 2116 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    20:24:38.0331 2116 FLEXnet Licensing Service - ok
    20:24:38.0341 2116 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    20:24:38.0341 2116 flpydisk - ok
    20:24:38.0351 2116 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    20:24:38.0351 2116 FltMgr - ok
    20:24:38.0381 2116 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
    20:24:38.0391 2116 FontCache - ok
    20:24:38.0431 2116 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    20:24:38.0441 2116 FontCache3.0.0.0 - ok
    20:24:38.0461 2116 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    20:24:38.0471 2116 FsDepends - ok
    20:24:38.0481 2116 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    20:24:38.0481 2116 Fs_Rec - ok
    20:24:38.0501 2116 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    20:24:38.0501 2116 fvevol - ok
    20:24:38.0521 2116 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    20:24:38.0521 2116 gagp30kx - ok
    20:24:38.0531 2116 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:24:38.0531 2116 GEARAspiWDM - ok
    20:24:38.0571 2116 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    20:24:38.0581 2116 gpsvc - ok
    20:24:38.0591 2116 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    20:24:38.0591 2116 hcw85cir - ok
    20:24:38.0621 2116 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    20:24:38.0631 2116 HdAudAddService - ok
    20:24:38.0641 2116 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:24:38.0641 2116 HDAudBus - ok
    20:24:38.0651 2116 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    20:24:38.0651 2116 HidBatt - ok
    20:24:38.0661 2116 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    20:24:38.0661 2116 HidBth - ok
    20:24:38.0681 2116 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    20:24:38.0681 2116 HidIr - ok
    20:24:38.0691 2116 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    20:24:38.0691 2116 hidserv - ok
    20:24:38.0711 2116 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    20:24:38.0711 2116 HidUsb - ok
    20:24:38.0731 2116 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    20:24:38.0741 2116 hkmsvc - ok
    20:24:38.0751 2116 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    20:24:38.0761 2116 HomeGroupListener - ok
    20:24:38.0791 2116 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    20:24:38.0791 2116 HomeGroupProvider - ok
    20:24:38.0811 2116 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    20:24:38.0811 2116 HpSAMD - ok
    20:24:38.0841 2116 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    20:24:38.0851 2116 HTTP - ok
    20:24:38.0871 2116 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    20:24:38.0871 2116 hwpolicy - ok
    20:24:38.0901 2116 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    20:24:38.0911 2116 i8042prt - ok
    20:24:38.0931 2116 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
    20:24:38.0931 2116 iaStorV - ok
    20:24:39.0021 2116 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    20:24:39.0031 2116 IDriverT - ok
    20:24:39.0171 2116 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    20:24:39.0191 2116 idsvc - ok
    20:24:39.0201 2116 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    20:24:39.0201 2116 iirsp - ok
    20:24:39.0241 2116 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    20:24:39.0251 2116 IKEEXT - ok
    20:24:39.0271 2116 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    20:24:39.0271 2116 intelide - ok
    20:24:39.0281 2116 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    20:24:39.0281 2116 intelppm - ok
    20:24:39.0291 2116 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    20:24:39.0291 2116 IPBusEnum - ok
    20:24:39.0301 2116 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:24:39.0301 2116 IpFilterDriver - ok
    20:24:39.0331 2116 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    20:24:39.0351 2116 iphlpsvc - ok
    20:24:39.0361 2116 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    20:24:39.0391 2116 IPMIDRV - ok
    20:24:39.0411 2116 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    20:24:39.0411 2116 IPNAT - ok
    20:24:39.0481 2116 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    20:24:39.0491 2116 iPod Service - ok
    20:24:39.0501 2116 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    20:24:39.0501 2116 IRENUM - ok
    20:24:39.0511 2116 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    20:24:39.0511 2116 isapnp - ok
    20:24:39.0531 2116 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    20:24:39.0531 2116 iScsiPrt - ok
    20:24:39.0551 2116 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    20:24:39.0551 2116 kbdclass - ok
    20:24:39.0571 2116 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    20:24:39.0571 2116 kbdhid - ok
    20:24:39.0581 2116 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
    20:24:39.0581 2116 KeyIso - ok
    20:24:39.0591 2116 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    20:24:39.0591 2116 KSecDD - ok
    20:24:39.0611 2116 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    20:24:39.0611 2116 KSecPkg - ok
    20:24:39.0631 2116 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    20:24:39.0631 2116 ksthunk - ok
    20:24:39.0651 2116 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    20:24:39.0651 2116 KtmRm - ok
    20:24:39.0671 2116 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
    20:24:39.0671 2116 L1E - ok
    20:24:39.0711 2116 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
    20:24:39.0711 2116 LanmanServer - ok
    20:24:39.0741 2116 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    20:24:39.0741 2116 LanmanWorkstation - ok
    20:24:39.0771 2116 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    20:24:39.0771 2116 lltdio - ok
    20:24:39.0791 2116 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    20:24:39.0791 2116 lltdsvc - ok
    20:24:39.0811 2116 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    20:24:39.0811 2116 lmhosts - ok
    20:24:39.0841 2116 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:24:39.0841 2116 LSI_FC - ok
    20:24:39.0851 2116 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:24:39.0861 2116 LSI_SAS - ok
    20:24:39.0861 2116 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:24:39.0861 2116 LSI_SAS2 - ok
    20:24:39.0871 2116 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:24:39.0871 2116 LSI_SCSI - ok
    20:24:39.0891 2116 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    20:24:39.0891 2116 luafv - ok
    20:24:39.0921 2116 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    20:24:39.0921 2116 MBAMProtector - ok
    20:24:39.0971 2116 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    20:24:39.0971 2116 MBAMScheduler - ok
    20:24:40.0001 2116 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    20:24:40.0011 2116 MBAMService - ok
    20:24:40.0031 2116 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    20:24:40.0031 2116 Mcx2Svc - ok
    20:24:40.0041 2116 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    20:24:40.0041 2116 megasas - ok
    20:24:40.0061 2116 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    20:24:40.0061 2116 MegaSR - ok
    20:24:40.0301 2116 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    20:24:40.0311 2116 Microsoft Office Groove Audit Service - ok
    20:24:40.0351 2116 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    20:24:40.0351 2116 MMCSS - ok
    20:24:40.0381 2116 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    20:24:40.0381 2116 Modem - ok
    20:24:40.0411 2116 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    20:24:40.0411 2116 monitor - ok
    20:24:40.0431 2116 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    20:24:40.0431 2116 mouclass - ok
    20:24:40.0441 2116 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:24:40.0451 2116 mouhid - ok
    20:24:40.0461 2116 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    20:24:40.0461 2116 mountmgr - ok
    20:24:40.0491 2116 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    20:24:40.0491 2116 MozillaMaintenance - ok
    20:24:40.0511 2116 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    20:24:40.0511 2116 mpio - ok
    20:24:40.0531 2116 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:24:40.0541 2116 mpsdrv - ok
    20:24:40.0561 2116 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    20:24:40.0571 2116 MpsSvc - ok
    20:24:40.0591 2116 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys
    20:24:40.0591 2116 MQAC - ok
    20:24:40.0631 2116 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:24:40.0631 2116 MRxDAV - ok
    20:24:40.0651 2116 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:24:40.0651 2116 mrxsmb - ok
    20:24:40.0681 2116 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:24:40.0691 2116 mrxsmb10 - ok
    20:24:40.0711 2116 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:24:40.0711 2116 mrxsmb20 - ok
    20:24:40.0731 2116 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    20:24:40.0731 2116 msahci - ok
    20:24:40.0741 2116 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
  11. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    20:24:40.0751 2116 msdsm - ok
    20:24:40.0761 2116 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    20:24:40.0761 2116 MSDTC - ok
    20:24:40.0801 2116 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:24:40.0811 2116 Msfs - ok
    20:24:40.0831 2116 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    20:24:40.0831 2116 mshidkmdf - ok
    20:24:40.0841 2116 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    20:24:40.0841 2116 msisadrv - ok
    20:24:40.0861 2116 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:24:40.0861 2116 MSiSCSI - ok
    20:24:40.0861 2116 msiserver - ok
    20:24:40.0891 2116 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:24:40.0891 2116 MSKSSRV - ok
    20:24:40.0921 2116 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe
    20:24:40.0921 2116 MSMQ - ok
    20:24:40.0931 2116 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:24:40.0931 2116 MSPCLOCK - ok
    20:24:40.0931 2116 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:24:40.0931 2116 MSPQM - ok
    20:24:40.0961 2116 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:24:40.0961 2116 MsRPC - ok
    20:24:40.0981 2116 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    20:24:40.0981 2116 mssmbios - ok
    20:24:41.0041 2116 MSSQL$SOPHOS - ok
    20:24:41.0141 2116 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    20:24:41.0161 2116 MSSQLServerADHelper100 - ok
    20:24:41.0161 2116 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:24:41.0171 2116 MSTEE - ok
    20:24:41.0181 2116 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    20:24:41.0181 2116 MTConfig - ok
    20:24:41.0201 2116 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:24:41.0211 2116 Mup - ok
    20:24:41.0271 2116 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    20:24:41.0281 2116 napagent - ok
    20:24:41.0321 2116 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:24:41.0321 2116 NativeWifiP - ok
    20:24:41.0361 2116 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:24:41.0371 2116 NDIS - ok
    20:24:41.0381 2116 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    20:24:41.0381 2116 NdisCap - ok
    20:24:41.0411 2116 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:24:41.0411 2116 NdisTapi - ok
    20:24:41.0431 2116 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:24:47.0741 2116 ================ Scan global ===============================
    20:24:47.0761 2116 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    20:24:47.0801 2116 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    20:24:47.0811 2116 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    20:24:47.0821 2116 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    20:24:47.0851 2116 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    20:24:47.0851 2116 [Global] - ok
    20:24:47.0851 2116 ================ Scan MBR ==================================
    20:24:47.0891 2116 [ 0F84F2562620C40D8A3E1908C8075675 ] \Device\Harddisk0\DR0
    20:24:47.0891 2116 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    20:24:47.0951 2116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    20:24:47.0951 2116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    20:24:47.0951 2116 ================ Scan VBR ==================================
    20:24:47.0951 2116 [ B500B05005FFF3872CC13A7D176C531B ] \Device\Harddisk0\DR0\Partition1
    20:24:47.0971 2116 \Device\Harddisk0\DR0\Partition1 - ok
    20:24:47.0991 2116 [ 359DFC2FEAD303787C79170B040CE9DD ] \Device\Harddisk0\DR0\Partition2
    20:24:48.0011 2116 \Device\Harddisk0\DR0\Partition2 - ok
    20:24:48.0011 2116 [ 1DCD00F7961C9059EFBD44E74902AD78 ] \Device\Harddisk0\DR0\Partition3
    20:24:48.0011 2116 \Device\Harddisk0\DR0\Partition3 - ok
    20:24:48.0011 2116 ============================================================
    20:24:48.0011 2116 Scan finished
    20:24:48.0011 2116 ============================================================
    20:24:48.0021 4660 Detected object count: 1
    20:24:48.0021 4660 Actual detected object count: 1
    20:24:51.0861 4660 \Device\Harddisk0\DR0\# - copied to quarantine
    20:24:51.0861 4660 \Device\Harddisk0\DR0 - copied to quarantine
    20:24:51.0881 4660 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    20:24:51.0891 4660 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    20:24:51.0901 4660 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    20:24:51.0901 4660 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    20:24:51.0981 4660 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    20:24:52.0191 4660 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    20:24:52.0201 4660 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    20:24:52.0201 4660 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    20:24:52.0211 4660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    20:24:52.0211 4660 \Device\Harddisk0\DR0 - ok
    20:24:57.0761 4660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    20:25:07.0181 6440 Deinitialize success
     
  12. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    20:26:44.0619 2152 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    20:26:46.0619 2152 ============================================================
    20:26:46.0619 2152 Current date / time: 2012/10/09 20:26:46.0619
    20:26:46.0619 2152 SystemInfo:
    20:26:46.0619 2152
    20:26:46.0619 2152 OS Version: 6.1.7600 ServicePack: 0.0
    20:26:46.0619 2152 Product type: Workstation
    20:26:46.0619 2152 ComputerName: LINDSAY-PC
    20:26:46.0619 2152 UserName: Admin
    20:26:46.0619 2152 Windows directory: C:\Windows
    20:26:46.0619 2152 System windows directory: C:\Windows
    20:26:46.0619 2152 Running under WOW64
    20:26:46.0619 2152 Processor architecture: Intel x64
    20:26:46.0619 2152 Number of processors: 4
    20:26:46.0619 2152 Page size: 0x1000
    20:26:46.0619 2152 Boot type: Normal boot
    20:26:46.0619 2152 ============================================================
    20:26:48.0851 2152 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:26:48.0851 2152 ============================================================
    20:26:48.0851 2152 \Device\Harddisk0\DR0:
    20:26:48.0851 2152 MBR partitions:
    20:26:48.0851 2152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    20:26:48.0851 2152 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
    20:26:48.0851 2152 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
    20:26:48.0851 2152 ============================================================
    20:26:48.0898 2152 C: <-> \Device\Harddisk0\DR0\Partition3
    20:26:49.0007 2152 D: <-> \Device\Harddisk0\DR0\Partition2
    20:26:49.0007 2152 ============================================================
    20:26:49.0007 2152 Initialize success
    20:26:49.0007 2152 ============================================================
  13. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    Same ads after running TDSSKiller. Same error message. I never had these audio ads in the background before yesterday.
  14. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    The above log looks incomplete.
    Please re-run TDSSKiller.
  15. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    20:45:15.0000 4936 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    20:45:17.0012 4936 ============================================================
    20:45:17.0012 4936 Current date / time: 2012/10/09 20:45:17.0012
    20:45:17.0012 4936 SystemInfo:
    20:45:17.0012 4936
    20:45:17.0012 4936 OS Version: 6.1.7600 ServicePack: 0.0
    20:45:17.0012 4936 Product type: Workstation
    20:45:17.0012 4936 ComputerName: LINDSAY-PC
    20:45:17.0012 4936 UserName: Admin
    20:45:17.0012 4936 Windows directory: C:\Windows
    20:45:17.0012 4936 System windows directory: C:\Windows
    20:45:17.0012 4936 Running under WOW64
    20:45:17.0012 4936 Processor architecture: Intel x64
    20:45:17.0012 4936 Number of processors: 4
    20:45:17.0012 4936 Page size: 0x1000
    20:45:17.0012 4936 Boot type: Normal boot
    20:45:17.0012 4936 ============================================================
    20:45:17.0792 4936 BG loaded
    20:45:17.0964 4936 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:45:17.0964 4936 ============================================================
    20:45:17.0964 4936 \Device\Harddisk0\DR0:
    20:45:17.0964 4936 MBR partitions:
    20:45:17.0964 4936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    20:45:17.0964 4936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
    20:45:17.0964 4936 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
    20:45:17.0964 4936 ============================================================
    20:45:18.0011 4936 C: <-> \Device\Harddisk0\DR0\Partition3
    20:45:18.0058 4936 D: <-> \Device\Harddisk0\DR0\Partition2
    20:45:18.0058 4936 ============================================================
    20:45:18.0058 4936 Initialize success
    20:45:18.0058 4936 ============================================================
    20:46:26.0150 4872 ============================================================
    20:46:26.0150 4872 Scan started
    20:46:26.0150 4872 Mode: Manual;
    20:46:26.0150 4872 ============================================================
    20:46:27.0242 4872 ================ Scan system memory ========================
    20:46:27.0242 4872 System memory - ok
    20:46:27.0242 4872 ================ Scan services =============================
    20:46:27.0305 4872 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    20:46:27.0305 4872 !SASCORE - ok
    20:46:27.0445 4872 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    20:46:27.0445 4872 1394ohci - ok
    20:46:27.0476 4872 [ F146E2BA475893DD77B2370DC1211FC6 ] 26916800 C:\Windows\system32\drivers\01598415.sys
    20:46:27.0476 4872 26916800 - ok
    20:46:27.0507 4872 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    20:46:27.0507 4872 ACPI - ok
    20:46:27.0539 4872 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    20:46:27.0539 4872 AcpiPmi - ok
    20:46:27.0648 4872 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    20:46:27.0648 4872 AdobeFlashPlayerUpdateSvc - ok
    20:46:27.0663 4872 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    20:46:27.0679 4872 adp94xx - ok
    20:46:27.0695 4872 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    20:46:27.0695 4872 adpahci - ok
    20:46:27.0710 4872 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    20:46:27.0710 4872 adpu320 - ok
    20:46:27.0726 4872 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    20:46:27.0741 4872 AeLookupSvc - ok
    20:46:27.0773 4872 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
    20:46:27.0773 4872 AFD - ok
    20:46:27.0788 4872 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    20:46:27.0788 4872 agp440 - ok
    20:46:27.0819 4872 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    20:46:27.0819 4872 ALG - ok
    20:46:27.0819 4872 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    20:46:27.0819 4872 aliide - ok
    20:46:27.0835 4872 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    20:46:27.0835 4872 amdide - ok
    20:46:27.0851 4872 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    20:46:27.0851 4872 AmdK8 - ok
    20:46:27.0882 4872 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    20:46:27.0882 4872 AmdPPM - ok
    20:46:27.0897 4872 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    20:46:27.0897 4872 amdsata - ok
    20:46:27.0913 4872 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    20:46:27.0913 4872 amdsbs - ok
    20:46:27.0929 4872 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    20:46:27.0929 4872 amdxata - ok
    20:46:27.0944 4872 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    20:46:27.0944 4872 AppID - ok
    20:46:27.0975 4872 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    20:46:27.0975 4872 AppIDSvc - ok
    20:46:28.0007 4872 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    20:46:28.0007 4872 Appinfo - ok
    20:46:28.0100 4872 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:46:28.0100 4872 Apple Mobile Device - ok
    20:46:28.0131 4872 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    20:46:28.0131 4872 AppMgmt - ok
    20:46:28.0147 4872 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    20:46:28.0147 4872 arc - ok
    20:46:28.0163 4872 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    20:46:28.0163 4872 arcsas - ok
    20:46:28.0194 4872 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    20:46:28.0194 4872 AsyncMac - ok
    20:46:28.0194 4872 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    20:46:28.0194 4872 atapi - ok
    20:46:28.0287 4872 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    20:46:28.0303 4872 atikmdag - ok
    20:46:28.0350 4872 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    20:46:28.0350 4872 AudioEndpointBuilder - ok
    20:46:28.0381 4872 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    20:46:28.0381 4872 AudioSrv - ok
    20:46:28.0428 4872 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    20:46:28.0428 4872 AxInstSV - ok
    20:46:28.0459 4872 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    20:46:28.0459 4872 b06bdrv - ok
    20:46:28.0475 4872 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    20:46:28.0475 4872 b57nd60a - ok
    20:46:28.0490 4872 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    20:46:28.0506 4872 BDESVC - ok
    20:46:28.0506 4872 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    20:46:28.0521 4872 Beep - ok
    20:46:28.0537 4872 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    20:46:28.0553 4872 BFE - ok
    20:46:28.0584 4872 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
    20:46:28.0599 4872 BITS - ok
    20:46:28.0631 4872 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    20:46:28.0646 4872 blbdrive - ok
    20:46:28.0724 4872 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    20:46:28.0724 4872 Bonjour Service - ok
    20:46:28.0787 4872 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:46:28.0787 4872 bowser - ok
    20:46:28.0787 4872 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:46:28.0787 4872 BrFiltLo - ok
    20:46:28.0802 4872 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:46:28.0802 4872 BrFiltUp - ok
    20:46:28.0818 4872 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    20:46:28.0818 4872 BridgeMP - ok
    20:46:28.0833 4872 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
    20:46:28.0833 4872 Browser - ok
    20:46:28.0849 4872 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    20:46:28.0849 4872 Brserid - ok
    20:46:28.0865 4872 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    20:46:28.0865 4872 BrSerWdm - ok
    20:46:28.0880 4872 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:46:28.0880 4872 BrUsbMdm - ok
    20:46:28.0880 4872 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    20:46:28.0880 4872 BrUsbSer - ok
    20:46:28.0896 4872 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    20:46:28.0896 4872 BTHMODEM - ok
    20:46:28.0911 4872 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    20:46:28.0911 4872 bthserv - ok
    20:46:28.0927 4872 catchme - ok
    20:46:28.0958 4872 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:46:28.0958 4872 cdfs - ok
    20:46:28.0989 4872 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    20:46:28.0989 4872 cdrom - ok
    20:46:29.0005 4872 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    20:46:29.0005 4872 CertPropSvc - ok
    20:46:29.0036 4872 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    20:46:29.0036 4872 circlass - ok
    20:46:29.0052 4872 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    20:46:29.0052 4872 CLFS - ok
    20:46:29.0114 4872 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:46:29.0114 4872 clr_optimization_v2.0.50727_32 - ok
    20:46:29.0161 4872 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:46:29.0161 4872 clr_optimization_v2.0.50727_64 - ok
    20:46:29.0177 4872 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    20:46:29.0177 4872 CmBatt - ok
    20:46:29.0177 4872 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    20:46:29.0177 4872 cmdide - ok
    20:46:29.0223 4872 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
    20:46:29.0223 4872 CNG - ok
    20:46:29.0270 4872 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    20:46:29.0270 4872 Compbatt - ok
    20:46:29.0301 4872 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    20:46:29.0301 4872 CompositeBus - ok
    20:46:29.0348 4872 COMSysApp - ok
    20:46:29.0411 4872 [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134 C:\Windows\system32\drivers\cpuz134_x64.sys
    20:46:29.0411 4872 cpuz134 - ok
    20:46:29.0442 4872 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    20:46:29.0442 4872 crcdisk - ok
    20:46:29.0551 4872 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:46:29.0551 4872 CryptSvc - ok
    20:46:29.0691 4872 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
    20:46:29.0691 4872 CSC - ok
    20:46:29.0863 4872 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
    20:46:29.0863 4872 CscService - ok
    20:46:29.0988 4872 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:46:30.0003 4872 DcomLaunch - ok
    20:46:30.0081 4872 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    20:46:30.0081 4872 defragsvc - ok
    20:46:30.0097 4872 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:46:30.0097 4872 DfsC - ok
    20:46:30.0144 4872 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    20:46:30.0144 4872 Dhcp - ok
    20:46:30.0159 4872 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    20:46:30.0159 4872 discache - ok
    20:46:30.0191 4872 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    20:46:30.0191 4872 Disk - ok
    20:46:30.0206 4872 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:46:30.0206 4872 Dnscache - ok
    20:46:30.0222 4872 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    20:46:30.0222 4872 dot3svc - ok
    20:46:30.0269 4872 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    20:46:30.0269 4872 DPS - ok
    20:46:30.0331 4872 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:46:30.0331 4872 drmkaud - ok
    20:46:30.0378 4872 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:46:30.0378 4872 DXGKrnl - ok
    20:46:30.0518 4872 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    20:46:30.0518 4872 EapHost - ok
    20:46:30.0627 4872 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    20:46:30.0643 4872 ebdrv - ok
    20:46:30.0674 4872 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
    20:46:30.0674 4872 EFS - ok
    20:46:30.0721 4872 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:46:30.0721 4872 ehRecvr - ok
    20:46:30.0768 4872 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    20:46:30.0768 4872 ehSched - ok
    20:46:30.0815 4872 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    20:46:30.0815 4872 elxstor - ok
    20:46:30.0893 4872 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    20:46:30.0893 4872 EPSON_EB_RPCV4_01 - ok
    20:46:30.0924 4872 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    20:46:30.0924 4872 EPSON_PM_RPCV4_01 - ok
    20:46:30.0939 4872 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    20:46:30.0939 4872 ErrDev - ok
    20:46:30.0971 4872 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    20:46:30.0971 4872 EventSystem - ok
    20:46:31.0002 4872 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    20:46:31.0002 4872 exfat - ok
    20:46:31.0017 4872 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    20:46:31.0017 4872 fastfat - ok
    20:46:31.0064 4872 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    20:46:31.0064 4872 Fax - ok
    20:46:31.0080 4872 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    20:46:31.0080 4872 fdc - ok
    20:46:31.0095 4872 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    20:46:31.0095 4872 fdPHost - ok
    20:46:31.0095 4872 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    20:46:31.0095 4872 FDResPub - ok
    20:46:31.0111 4872 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    20:46:31.0111 4872 FileInfo - ok
    20:46:31.0127 4872 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    20:46:31.0127 4872 Filetrace - ok
    20:46:31.0173 4872 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    20:46:31.0189 4872 FLEXnet Licensing Service - ok
    20:46:31.0189 4872 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    20:46:31.0189 4872 flpydisk - ok
    20:46:31.0205 4872 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    20:46:31.0205 4872 FltMgr - ok
    20:46:31.0236 4872 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
    20:46:31.0251 4872 FontCache - ok
    20:46:31.0298 4872 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    20:46:31.0298 4872 FontCache3.0.0.0 - ok
    20:46:31.0329 4872 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    20:46:31.0329 4872 FsDepends - ok
    20:46:31.0345 4872 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    20:46:31.0345 4872 Fs_Rec - ok
    20:46:31.0361 4872 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    20:46:31.0361 4872 fvevol - ok
    20:46:31.0376 4872 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    20:46:31.0376 4872 gagp30kx - ok
    20:46:31.0392 4872 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:46:31.0392 4872 GEARAspiWDM - ok
    20:46:31.0423 4872 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    20:46:31.0423 4872 gpsvc - ok
    20:46:31.0439 4872 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    20:46:31.0439 4872 hcw85cir - ok
    20:46:31.0470 4872 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    20:46:31.0470 4872 HdAudAddService - ok
    20:46:31.0517 4872 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:46:31.0532 4872 HDAudBus - ok
    20:46:31.0532 4872 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    20:46:31.0532 4872 HidBatt - ok
    20:46:31.0548 4872 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    20:46:31.0548 4872 HidBth - ok
    20:46:31.0563 4872 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    20:46:31.0563 4872 HidIr - ok
    20:46:31.0579 4872 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    20:46:31.0579 4872 hidserv - ok
    20:46:31.0610 4872 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    20:46:31.0610 4872 HidUsb - ok
    20:46:31.0641 4872 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    20:46:31.0641 4872 hkmsvc - ok
    20:46:31.0657 4872 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    20:46:31.0657 4872 HomeGroupListener - ok
    20:46:31.0688 4872 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    20:46:31.0688 4872 HomeGroupProvider - ok
    20:46:31.0704 4872 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    20:46:31.0704 4872 HpSAMD - ok
    20:46:31.0735 4872 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    20:46:31.0735 4872 HTTP - ok
    20:46:31.0751 4872 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    20:46:31.0751 4872 hwpolicy - ok
    20:46:31.0782 4872 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    20:46:31.0782 4872 i8042prt - ok
    20:46:31.0797 4872 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
    20:46:31.0797 4872 iaStorV - ok
    20:46:31.0875 4872 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    20:46:31.0875 4872 IDriverT - ok
    20:46:31.0907 4872 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    20:46:31.0922 4872 idsvc - ok
    20:46:31.0922 4872 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    20:46:31.0922 4872 iirsp - ok
    20:46:31.0953 4872 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    20:46:31.0969 4872 IKEEXT - ok
    20:46:31.0969 4872 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    20:46:31.0969 4872 intelide - ok
    20:46:31.0969 4872 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    20:46:31.0985 4872 intelppm - ok
    20:46:31.0985 4872 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    20:46:31.0985 4872 IPBusEnum - ok
    20:46:32.0016 4872 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:46:32.0016 4872 IpFilterDriver - ok
    20:46:32.0047 4872 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    20:46:32.0047 4872 iphlpsvc - ok
    20:46:32.0063 4872 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    20:46:32.0063 4872 IPMIDRV - ok
    20:46:32.0078 4872 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    20:46:32.0078 4872 IPNAT - ok
    20:46:32.0141 4872 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    20:46:32.0141 4872 iPod Service - ok
    20:46:32.0156 4872 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    20:46:32.0156 4872 IRENUM - ok
    20:46:32.0172 4872 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    20:46:32.0172 4872 isapnp - ok
    20:46:32.0187 4872 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    20:46:32.0187 4872 iScsiPrt - ok
    20:46:32.0203 4872 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    20:46:32.0203 4872 kbdclass - ok
    20:46:32.0234 4872 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    20:46:32.0234 4872 kbdhid - ok
    20:46:32.0250 4872 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
    20:46:32.0250 4872 KeyIso - ok
    20:46:32.0265 4872 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    20:46:32.0265 4872 KSecDD - ok
    20:46:32.0328 4872 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    20:46:32.0328 4872 KSecPkg - ok
    20:46:32.0343 4872 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    20:46:32.0343 4872 ksthunk - ok
    20:46:32.0437 4872 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    20:46:32.0531 4872 KtmRm - ok
    20:46:32.0593 4872 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
    20:46:32.0593 4872 L1E - ok
    20:46:32.0624 4872 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
    20:46:32.0624 4872 LanmanServer - ok
    20:46:32.0655 4872 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    20:46:32.0655 4872 LanmanWorkstation - ok
    20:46:32.0687 4872 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    20:46:32.0687 4872 lltdio - ok
    20:46:32.0733 4872 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    20:46:32.0733 4872 lltdsvc - ok
    20:46:32.0749 4872 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    20:46:32.0749 4872 lmhosts - ok
    20:46:32.0780 4872 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:46:32.0780 4872 LSI_FC - ok
    20:46:32.0796 4872 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:46:32.0796 4872 LSI_SAS - ok
    20:46:32.0796 4872 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:46:32.0796 4872 LSI_SAS2 - ok
    20:46:32.0796 4872 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:46:32.0796 4872 LSI_SCSI - ok
    20:46:32.0811 4872 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    20:46:32.0811 4872 luafv - ok
    20:46:32.0827 4872 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    20:46:32.0827 4872 MBAMProtector - ok
    20:46:32.0874 4872 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    20:46:32.0874 4872 MBAMScheduler - ok
    20:46:32.0889 4872 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    20:46:32.0905 4872 MBAMService - ok
    20:46:32.0921 4872 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    20:46:32.0921 4872 Mcx2Svc - ok
    20:46:32.0936 4872 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    20:46:32.0936 4872 megasas - ok
    20:46:32.0952 4872 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    20:46:32.0952 4872 MegaSR - ok
    20:46:32.0999 4872 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    20:46:32.0999 4872 Microsoft Office Groove Audit Service - ok
    20:46:33.0014 4872 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    20:46:33.0014 4872 MMCSS - ok
    20:46:33.0030 4872 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    20:46:33.0030 4872 Modem - ok
    20:46:33.0061 4872 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    20:46:33.0061 4872 monitor - ok
    20:46:33.0077 4872 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    20:46:33.0077 4872 mouclass - ok
    20:46:33.0077 4872 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:46:33.0077 4872 mouhid - ok
    20:46:33.0092 4872 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    20:46:33.0092 4872 mountmgr - ok
    20:46:33.0139 4872 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    20:46:33.0139 4872 MozillaMaintenance - ok
    20:46:33.0155 4872 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    20:46:33.0155 4872 mpio - ok
    20:46:33.0170 4872 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:46:33.0170 4872 mpsdrv - ok
    20:46:33.0201 4872 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
    20:46:33.0201 4872 MpsSvc - ok
    20:46:33.0233 4872 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys
    20:46:33.0233 4872 MQAC - ok
    20:46:33.0248 4872 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:46:33.0248 4872 MRxDAV - ok
  16. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    20:46:33.0264 4872 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:46:33.0264 4872 mrxsmb - ok
    20:46:33.0295 4872 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:46:33.0295 4872 mrxsmb10 - ok
    20:46:33.0311 4872 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:46:33.0311 4872 mrxsmb20 - ok
    20:46:33.0326 4872 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    20:46:33.0326 4872 msahci - ok
    20:46:33.0342 4872 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    20:46:33.0357 4872 msdsm - ok
    20:46:33.0357 4872 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    20:46:33.0373 4872 MSDTC - ok
    20:46:33.0389 4872 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:46:33.0389 4872 Msfs - ok
    20:46:33.0404 4872 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    20:46:33.0404 4872 mshidkmdf - ok
    20:46:33.0404 4872 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    20:46:33.0404 4872 msisadrv - ok
    20:46:33.0435 4872 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:46:33.0435 4872 MSiSCSI - ok
    20:46:33.0435 4872 msiserver - ok
    20:46:33.0467 4872 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:46:33.0467 4872 MSKSSRV - ok
    20:46:33.0482 4872 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe
    20:46:33.0482 4872 MSMQ - ok
    20:46:33.0498 4872 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:46:33.0498 4872 MSPCLOCK - ok
    20:46:33.0498 4872 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:46:33.0498 4872 MSPQM - ok
    20:46:33.0529 4872 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:46:33.0529 4872 MsRPC - ok
    20:46:33.0545 4872 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    20:46:33.0545 4872 mssmbios - ok
    20:46:33.0607 4872 MSSQL$SOPHOS - ok
    20:46:33.0669 4872 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    20:46:33.0669 4872 MSSQLServerADHelper100 - ok
    20:46:33.0669 4872 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:46:33.0669 4872 MSTEE - ok
    20:46:33.0685 4872 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    20:46:33.0685 4872 MTConfig - ok
    20:46:33.0716 4872 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:46:33.0716 4872 Mup - ok
    20:46:33.0747 4872 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    20:46:33.0747 4872 napagent - ok
    20:46:33.0794 4872 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:46:33.0794 4872 NativeWifiP - ok
    20:46:33.0825 4872 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:46:33.0841 4872 NDIS - ok
    20:46:33.0841 4872 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    20:46:33.0841 4872 NdisCap - ok
    20:46:33.0888 4872 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:46:33.0888 4872 NdisTapi - ok
    20:46:33.0903 4872 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:46:33.0903 4872 Ndisuio - ok
    20:46:33.0919 4872 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:46:33.0919 4872 NdisWan - ok
    20:46:33.0935 4872 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:46:33.0935 4872 NDProxy - ok
    20:46:33.0950 4872 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:46:33.0950 4872 NetBIOS - ok
    20:46:33.0966 4872 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    20:46:33.0966 4872 NetBT - ok
    20:46:33.0981 4872 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
    20:46:33.0981 4872 Netlogon - ok
    20:46:33.0981 4872 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    20:46:33.0981 4872 Netman - ok
    20:46:34.0013 4872 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    20:46:34.0013 4872 netprofm - ok
    20:46:34.0028 4872 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:46:34.0028 4872 NetTcpPortSharing - ok
    20:46:34.0044 4872 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    20:46:34.0044 4872 nfrd960 - ok
    20:46:34.0059 4872 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:46:34.0059 4872 NlaSvc - ok
    20:46:34.0075 4872 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:46:34.0075 4872 Npfs - ok
    20:46:34.0075 4872 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    20:46:34.0075 4872 nsi - ok
    20:46:34.0091 4872 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    20:46:34.0091 4872 nsiproxy - ok
    20:46:34.0122 4872 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    20:46:34.0137 4872 Ntfs - ok
    20:46:34.0153 4872 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    20:46:34.0153 4872 Null - ok
    20:46:34.0200 4872 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
    20:46:34.0200 4872 nvraid - ok
    20:46:34.0215 4872 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
    20:46:34.0215 4872 nvstor - ok
    20:46:34.0231 4872 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
    20:46:34.0231 4872 nv_agp - ok
    20:46:34.0293 4872 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    20:46:34.0309 4872 odserv - ok
    20:46:34.0325 4872 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    20:46:34.0325 4872 ohci1394 - ok
    20:46:34.0356 4872 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:46:34.0356 4872 ose - ok
    20:46:34.0387 4872 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    20:46:34.0387 4872 p2pimsvc - ok
    20:46:34.0418 4872 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    20:46:34.0418 4872 p2psvc - ok
    20:46:34.0434 4872 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    20:46:34.0434 4872 Parport - ok
    20:46:34.0449 4872 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    20:46:34.0449 4872 partmgr - ok
    20:46:34.0465 4872 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    20:46:34.0465 4872 PcaSvc - ok
    20:46:34.0496 4872 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
    20:46:34.0496 4872 pci - ok
    20:46:34.0512 4872 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    20:46:34.0512 4872 pciide - ok
    20:46:34.0527 4872 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    20:46:34.0527 4872 pcmcia - ok
    20:46:34.0543 4872 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    20:46:34.0543 4872 pcw - ok
    20:46:34.0559 4872 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    20:46:34.0559 4872 PEAUTH - ok
    20:46:34.0621 4872 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    20:46:34.0637 4872 PeerDistSvc - ok
    20:46:34.0715 4872 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    20:46:34.0730 4872 PerfHost - ok
    20:46:34.0761 4872 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
    20:46:34.0777 4872 pla - ok
    20:46:34.0808 4872 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    20:46:34.0808 4872 PlugPlay - ok
    20:46:34.0824 4872 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    20:46:34.0824 4872 PNRPAutoReg - ok
    20:46:34.0839 4872 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    20:46:34.0839 4872 PNRPsvc - ok
    20:46:34.0871 4872 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    20:46:34.0871 4872 PolicyAgent - ok
    20:46:34.0949 4872 postgresql-8.4 - ok
    20:46:34.0980 4872 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    20:46:34.0980 4872 Power - ok
    20:46:34.0995 4872 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    20:46:34.0995 4872 PptpMiniport - ok
    20:46:35.0011 4872 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    20:46:35.0011 4872 Processor - ok
    20:46:35.0027 4872 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
    20:46:35.0027 4872 ProfSvc - ok
    20:46:35.0042 4872 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
    20:46:35.0042 4872 ProtectedStorage - ok
    20:46:35.0073 4872 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    20:46:35.0073 4872 Psched - ok
    20:46:35.0120 4872 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    20:46:35.0136 4872 ql2300 - ok
    20:46:35.0136 4872 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    20:46:35.0136 4872 ql40xx - ok
    20:46:35.0151 4872 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    20:46:35.0151 4872 QWAVE - ok
    20:46:35.0167 4872 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    20:46:35.0167 4872 QWAVEdrv - ok
    20:46:35.0183 4872 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    20:46:35.0183 4872 RasAcd - ok
    20:46:35.0214 4872 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    20:46:35.0214 4872 RasAgileVpn - ok
    20:46:35.0214 4872 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    20:46:35.0229 4872 RasAuto - ok
    20:46:35.0229 4872 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:46:35.0229 4872 Rasl2tp - ok
    20:46:35.0245 4872 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
    20:46:35.0245 4872 RasMan - ok
    20:46:35.0261 4872 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    20:46:35.0261 4872 RasPppoe - ok
    20:46:35.0292 4872 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    20:46:35.0292 4872 RasSstp - ok
    20:46:35.0323 4872 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    20:46:35.0323 4872 rdbss - ok
    20:46:35.0323 4872 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    20:46:35.0323 4872 rdpbus - ok
    20:46:35.0339 4872 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:46:35.0339 4872 RDPCDD - ok
    20:46:35.0354 4872 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    20:46:35.0354 4872 RDPDR - ok
    20:46:35.0385 4872 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    20:46:35.0385 4872 RDPENCDD - ok
    20:46:35.0401 4872 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    20:46:35.0401 4872 RDPREFMP - ok
    20:46:35.0417 4872 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    20:46:35.0432 4872 RDPWD - ok
    20:46:35.0448 4872 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    20:46:35.0448 4872 rdyboost - ok
    20:46:35.0495 4872 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
    20:46:35.0495 4872 Realtek11nSU - ok
    20:46:35.0526 4872 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    20:46:35.0526 4872 RemoteAccess - ok
    20:46:35.0541 4872 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    20:46:35.0557 4872 RemoteRegistry - ok
    20:46:35.0557 4872 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    20:46:35.0557 4872 RpcEptMapper - ok
    20:46:35.0588 4872 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    20:46:35.0588 4872 RpcLocator - ok
    20:46:35.0651 4872 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
    20:46:35.0651 4872 RpcSs - ok
    20:46:35.0682 4872 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
    20:46:35.0682 4872 RsFx0103 - ok
    20:46:35.0697 4872 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    20:46:35.0713 4872 rspndr - ok
    20:46:35.0729 4872 [ F8D53FFD2D4D307A8ABC5278121A9B33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
    20:46:35.0729 4872 RTL8192su - ok
    20:46:35.0760 4872 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
    20:46:35.0760 4872 s3cap - ok
    20:46:35.0760 4872 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
    20:46:35.0760 4872 SamSs - ok
    20:46:35.0822 4872 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    20:46:35.0822 4872 SASDIFSV - ok
    20:46:35.0853 4872 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    20:46:35.0853 4872 SASKUTIL - ok
    20:46:35.0869 4872 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    20:46:35.0869 4872 sbp2port - ok
    20:46:35.0900 4872 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    20:46:35.0900 4872 SCardSvr - ok
    20:46:35.0931 4872 [ 4B12E2E559641B0F26474BBC6D7CFAFF ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
    20:46:35.0931 4872 SCDEmu - ok
    20:46:35.0947 4872 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    20:46:35.0947 4872 scfilter - ok
    20:46:35.0978 4872 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
    20:46:35.0994 4872 Schedule - ok
    20:46:36.0041 4872 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
    20:46:36.0041 4872 SCPolicySvc - ok
    20:46:36.0041 4872 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    20:46:36.0041 4872 SDRSVC - ok
    20:46:36.0056 4872 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    20:46:36.0056 4872 secdrv - ok
    20:46:36.0072 4872 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
    20:46:36.0072 4872 seclogon - ok
    20:46:36.0072 4872 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    20:46:36.0072 4872 SENS - ok
    20:46:36.0087 4872 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    20:46:36.0087 4872 SensrSvc - ok
    20:46:36.0087 4872 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    20:46:36.0087 4872 Serenum - ok
    20:46:36.0103 4872 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    20:46:36.0103 4872 Serial - ok
    20:46:36.0134 4872 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    20:46:36.0134 4872 sermouse - ok
    20:46:36.0150 4872 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    20:46:36.0150 4872 SessionEnv - ok
    20:46:36.0165 4872 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    20:46:36.0181 4872 sffdisk - ok
    20:46:36.0181 4872 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    20:46:36.0181 4872 sffp_mmc - ok
    20:46:36.0197 4872 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    20:46:36.0197 4872 sffp_sd - ok
    20:46:36.0197 4872 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    20:46:36.0197 4872 sfloppy - ok
    20:46:36.0243 4872 [ 41264E06A5CB8FF21D4D2FC59CFEE8EC ] SGNBusinessLogicService C:\Program Files (x86)\Sophos\Encryption\BLService.exe
    20:46:36.0243 4872 SGNBusinessLogicService - ok
    20:46:36.0243 4872 SGN_LogSystem - ok
    20:46:36.0290 4872 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    20:46:36.0290 4872 SharedAccess - ok
    20:46:36.0306 4872 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    20:46:36.0306 4872 ShellHWDetection - ok
    20:46:36.0321 4872 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    20:46:36.0321 4872 SiSRaid2 - ok
    20:46:36.0337 4872 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    20:46:36.0337 4872 SiSRaid4 - ok
    20:46:36.0353 4872 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    20:46:36.0353 4872 Smb - ok
    20:46:36.0368 4872 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    20:46:36.0368 4872 SNMPTRAP - ok
    20:46:36.0415 4872 [ 1DD15CBAE4AA7B2F5166D0C2700AEF94 ] Sophos Agent C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
    20:46:36.0415 4872 Sophos Agent - ok
    20:46:36.0431 4872 [ F55A42C8A2FA52B2EFAB477C015AD24E ] Sophos Certification Manager C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
    20:46:36.0431 4872 Sophos Certification Manager - ok
    20:46:36.0524 4872 [ AB6E2BF3AD49DDB152A53201DFF42483 ] Sophos Management Service C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
    20:46:36.0555 4872 Sophos Management Service - ok
    20:46:36.0602 4872 [ 65F816D7534D25623DA909911FF7E7D8 ] Sophos Message Router C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
    20:46:36.0602 4872 Sophos Message Router - ok
    20:46:36.0633 4872 [ 1BE9D02F57AB179C2FB900E3B3938F41 ] SophosManagementHostService C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe
    20:46:36.0633 4872 SophosManagementHostService - ok
    20:46:36.0680 4872 [ D0BC85E0D204E42EE54867A8E6EFE7A6 ] SophosPatchEndpointCommunicator C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe
    20:46:36.0680 4872 SophosPatchEndpointCommunicator - ok
    20:46:36.0711 4872 [ AA87E68657D0AD06C5922A01D01B47FB ] SophosPatchOrchestratorService C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe
    20:46:36.0711 4872 SophosPatchOrchestratorService - ok
    20:46:36.0727 4872 [ C5816593AC80CA028EBD8A481E70B8DB ] SophosPatchServerCommunicator C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe
    20:46:36.0727 4872 SophosPatchServerCommunicator - ok
    20:46:36.0743 4872 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    20:46:36.0743 4872 spldr - ok
    20:46:36.0774 4872 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
    20:46:36.0774 4872 Spooler - ok
    20:46:36.0852 4872 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
    20:46:36.0867 4872 sppsvc - ok
    20:46:36.0899 4872 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    20:46:36.0914 4872 sppuinotify - ok
    20:46:36.0961 4872 [ A5609D0178B2FEC118A7F4A24ECD1BFB ] SQLAgent$SOPHOS c:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE
    20:46:36.0977 4872 SQLAgent$SOPHOS - ok
    20:46:37.0023 4872 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    20:46:37.0023 4872 SQLBrowser - ok
    20:46:37.0039 4872 [ C298D989D717CB153702E397B6D9AAAD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    20:46:37.0039 4872 SQLWriter - ok
    20:46:37.0070 4872 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
    20:46:37.0070 4872 srv - ok
    20:46:37.0086 4872 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    20:46:37.0086 4872 srv2 - ok
    20:46:37.0117 4872 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    20:46:37.0117 4872 srvnet - ok
    20:46:37.0133 4872 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    20:46:37.0133 4872 SSDPSRV - ok
    20:46:37.0148 4872 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    20:46:37.0148 4872 SstpSvc - ok
    20:46:37.0179 4872 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    20:46:37.0179 4872 stexstor - ok
    20:46:37.0195 4872 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
    20:46:37.0211 4872 stisvc - ok
    20:46:37.0211 4872 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
    20:46:37.0211 4872 storflt - ok
    20:46:37.0226 4872 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
    20:46:37.0226 4872 storvsc - ok
    20:46:37.0242 4872 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    20:46:37.0242 4872 swenum - ok
    20:46:37.0257 4872 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    20:46:37.0257 4872 swprv - ok
    20:46:37.0304 4872 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
    20:46:37.0304 4872 SysMain - ok
    20:46:37.0335 4872 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
    20:46:37.0335 4872 TabletInputService - ok
    20:46:37.0351 4872 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
    20:46:37.0351 4872 TapiSrv - ok
    20:46:37.0367 4872 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    20:46:37.0367 4872 TBS - ok
    20:46:37.0429 4872 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    20:46:37.0429 4872 Tcpip - ok
    20:46:37.0476 4872 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    20:46:37.0491 4872 TCPIP6 - ok
    20:46:37.0507 4872 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    20:46:37.0507 4872 tcpipreg - ok
    20:46:37.0523 4872 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    20:46:37.0523 4872 TDPIPE - ok
    20:46:37.0554 4872 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    20:46:37.0554 4872 TDTCP - ok
    20:46:37.0569 4872 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    20:46:37.0569 4872 tdx - ok
    20:46:37.0585 4872 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    20:46:37.0585 4872 TermDD - ok
    20:46:37.0601 4872 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
    20:46:37.0616 4872 TermService - ok
    20:46:37.0632 4872 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    20:46:37.0632 4872 Themes - ok
    20:46:37.0647 4872 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    20:46:37.0647 4872 THREADORDER - ok
    20:46:37.0679 4872 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    20:46:37.0694 4872 TrkWks - ok
    20:46:37.0741 4872 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    20:46:37.0741 4872 TrustedInstaller - ok
    20:46:37.0741 4872 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:46:37.0757 4872 tssecsrv - ok
    20:46:37.0757 4872 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    20:46:37.0757 4872 tunnel - ok
    20:46:37.0788 4872 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    20:46:37.0788 4872 uagp35 - ok
    20:46:37.0803 4872 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    20:46:37.0803 4872 udfs - ok
    20:46:37.0819 4872 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    20:46:37.0835 4872 UI0Detect - ok
    20:46:37.0835 4872 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    20:46:37.0835 4872 uliagpkx - ok
    20:46:37.0850 4872 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    20:46:37.0850 4872 umbus - ok
    20:46:37.0866 4872 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    20:46:37.0866 4872 UmPass - ok
    20:46:37.0881 4872 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
    20:46:37.0881 4872 UmRdpService - ok
    20:46:37.0897 4872 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    20:46:37.0897 4872 upnphost - ok
    20:46:37.0928 4872 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    20:46:37.0928 4872 USBAAPL64 - ok
    20:46:37.0959 4872 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    20:46:37.0959 4872 usbaudio - ok
    20:46:37.0975 4872 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    20:46:37.0975 4872 usbccgp - ok
    20:46:37.0991 4872 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    20:46:37.0991 4872 usbcir - ok
    20:46:38.0006 4872 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    20:46:38.0006 4872 usbehci - ok
    20:46:38.0022 4872 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    20:46:38.0022 4872 usbhub - ok
    20:46:38.0037 4872 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    20:46:38.0053 4872 usbohci - ok
    20:46:38.0069 4872 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    20:46:38.0069 4872 usbprint - ok
    20:46:38.0084 4872 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    20:46:38.0084 4872 usbscan - ok
    20:46:38.0100 4872 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:46:38.0100 4872 USBSTOR - ok
    20:46:38.0115 4872 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    20:46:38.0115 4872 usbuhci - ok
    20:46:38.0147 4872 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    20:46:38.0147 4872 UxSms - ok
    20:46:38.0162 4872 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
    20:46:38.0162 4872 VaultSvc - ok
    20:46:38.0162 4872 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    20:46:38.0162 4872 vdrvroot - ok
    20:46:38.0193 4872 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
    20:46:38.0193 4872 vds - ok
    20:46:38.0209 4872 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    20:46:38.0209 4872 vga - ok
    20:46:38.0225 4872 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    20:46:38.0225 4872 VgaSave - ok
    20:46:38.0240 4872 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    20:46:38.0240 4872 vhdmp - ok
    20:46:38.0256 4872 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    20:46:38.0256 4872 viaide - ok
    20:46:38.0287 4872 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
    20:46:38.0287 4872 vmbus - ok
    20:46:38.0287 4872 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
    20:46:38.0287 4872 VMBusHID - ok
    20:46:38.0303 4872 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    20:46:38.0303 4872 volmgr - ok
    20:46:38.0334 4872 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    20:46:38.0334 4872 volmgrx - ok
    20:46:38.0349 4872 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
    20:46:38.0349 4872 volsnap - ok
    20:46:38.0365 4872 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    20:46:38.0365 4872 vsmraid - ok
    20:46:38.0396 4872 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    20:46:38.0427 4872 VSS - ok
    20:46:38.0427 4872 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    20:46:38.0427 4872 vwifibus - ok
    20:46:38.0443 4872 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    20:46:38.0443 4872 vwififlt - ok
    20:46:38.0459 4872 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    20:46:38.0459 4872 W32Time - ok
    20:46:38.0474 4872 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    20:46:38.0474 4872 WacomPen - ok
    20:46:38.0490 4872 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    20:46:38.0490 4872 WANARP - ok
    20:46:38.0490 4872 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    20:46:38.0505 4872 Wanarpv6 - ok
    20:46:38.0537 4872 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    20:46:38.0552 4872 wbengine - ok
    20:46:38.0583 4872 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    20:46:38.0583 4872 WbioSrvc - ok
    20:46:38.0599 4872 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    20:46:38.0615 4872 wcncsvc - ok
    20:46:38.0646 4872 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    20:46:38.0646 4872 WcsPlugInService - ok
    20:46:38.0677 4872 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    20:46:38.0677 4872 Wd - ok
    20:46:38.0724 4872 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    20:46:38.0739 4872 Wdf01000 - ok
    20:46:38.0755 4872 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    20:46:38.0755 4872 WdiServiceHost - ok
    20:46:38.0755 4872 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    20:46:38.0771 4872 WdiSystemHost - ok
    20:46:38.0771 4872 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
    20:46:38.0786 4872 WebClient - ok
    20:46:38.0786 4872 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    20:46:38.0786 4872 Wecsvc - ok
    20:46:38.0817 4872 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    20:46:38.0817 4872 wercplsupport - ok
    20:46:38.0849 4872 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    20:46:38.0849 4872 WerSvc - ok
    20:46:38.0864 4872 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    20:46:38.0864 4872 WfpLwf - ok
    20:46:38.0880 4872 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    20:46:38.0880 4872 WIMMount - ok
    20:46:38.0895 4872 WinDefend - ok
    20:46:38.0895 4872 WinHttpAutoProxySvc - ok
    20:46:38.0942 4872 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    20:46:38.0958 4872 Winmgmt - ok
    20:46:39.0005 4872 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    20:46:39.0020 4872 WinRM - ok
    20:46:39.0067 4872 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    20:46:39.0067 4872 WinUsb - ok
    20:46:39.0098 4872 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    20:46:39.0098 4872 Wlansvc - ok
    20:46:39.0098 4872 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    20:46:39.0098 4872 WmiAcpi - ok
    20:46:39.0114 4872 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    20:46:39.0114 4872 wmiApSrv - ok
    20:46:39.0129 4872 WMPNetworkSvc - ok
    20:46:39.0145 4872 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    20:46:39.0145 4872 WPCSvc - ok
    20:46:39.0161 4872 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    20:46:39.0161 4872 WPDBusEnum - ok
    20:46:39.0161 4872 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    20:46:39.0161 4872 ws2ifsl - ok
    20:46:39.0207 4872 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    20:46:39.0207 4872 wscsvc - ok
    20:46:39.0207 4872 WSearch - ok
    20:46:39.0270 4872 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    20:46:39.0301 4872 wuauserv - ok
    20:46:39.0317 4872 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    20:46:39.0317 4872 WudfPf - ok
    20:46:39.0348 4872 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:46:39.0348 4872 WUDFRd - ok
    20:46:39.0363 4872 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    20:46:39.0363 4872 wudfsvc - ok
    20:46:39.0379 4872 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    20:46:39.0379 4872 WwanSvc - ok
    20:46:39.0395 4872 ================ Scan global ===============================
    20:46:39.0426 4872 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    20:46:39.0457 4872 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    20:46:39.0457 4872 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
    20:46:39.0473 4872 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    20:46:39.0504 4872 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    20:46:39.0504 4872 [Global] - ok
    20:46:39.0504 4872 ================ Scan MBR ==================================
    20:46:39.0519 4872 [ 0F84F2562620C40D8A3E1908C8075675 ] \Device\Harddisk0\DR0
    20:46:39.0519 4872 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    20:46:39.0566 4872 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    20:46:39.0566 4872 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    20:46:39.0566 4872 ================ Scan VBR ==================================
    20:46:39.0566 4872 [ B500B05005FFF3872CC13A7D176C531B ] \Device\Harddisk0\DR0\Partition1
    20:46:39.0566 4872 \Device\Harddisk0\DR0\Partition1 - ok
    20:46:39.0582 4872 [ 359DFC2FEAD303787C79170B040CE9DD ] \Device\Harddisk0\DR0\Partition2
    20:46:39.0582 4872 \Device\Harddisk0\DR0\Partition2 - ok
    20:46:39.0582 4872 [ 1DCD00F7961C9059EFBD44E74902AD78 ] \Device\Harddisk0\DR0\Partition3
    20:46:39.0582 4872 \Device\Harddisk0\DR0\Partition3 - ok
    20:46:39.0582 4872 ============================================================
    20:46:39.0582 4872 Scan finished
    20:46:39.0582 4872 ============================================================
    20:46:39.0597 4836 Detected object count: 1
    20:46:39.0597 4836 Actual detected object count: 1
    20:47:52.0183 4836 \Device\Harddisk0\DR0\# - copied to quarantine
    20:47:52.0184 4836 \Device\Harddisk0\DR0 - copied to quarantine
    20:47:52.0211 4836 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    20:47:52.0212 4836 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    20:47:52.0215 4836 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    20:47:52.0219 4836 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    20:47:52.0228 4836 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    20:47:52.0271 4836 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    20:47:52.0455 4836 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    20:47:52.0456 4836 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    20:47:52.0457 4836 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    20:47:52.0460 4836 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    20:47:52.0469 4836 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    20:47:52.0470 4836 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    20:47:52.0488 4836 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    20:47:52.0490 4836 \Device\Harddisk0\DR0 - ok
    20:47:58.0054 4836 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    20:48:01.0234 4928 Deinitialize success
  17. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    20:49:43.0457 3608 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    20:49:44.0097 3608 ============================================================
    20:49:44.0097 3608 Current date / time: 2012/10/09 20:49:44.0097
    20:49:44.0097 3608 SystemInfo:
    20:49:44.0097 3608
    20:49:44.0097 3608 OS Version: 6.1.7600 ServicePack: 0.0
    20:49:44.0097 3608 Product type: Workstation
    20:49:44.0097 3608 ComputerName: LINDSAY-PC
    20:49:44.0097 3608 UserName: Admin
    20:49:44.0097 3608 Windows directory: C:\Windows
    20:49:44.0097 3608 System windows directory: C:\Windows
    20:49:44.0097 3608 Running under WOW64
    20:49:44.0097 3608 Processor architecture: Intel x64
    20:49:44.0097 3608 Number of processors: 4
    20:49:44.0097 3608 Page size: 0x1000
    20:49:44.0097 3608 Boot type: Normal boot
    20:49:44.0097 3608 ============================================================
    20:49:45.0485 3608 BG loaded
    20:49:46.0031 3608 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:49:46.0063 3608 ============================================================
    20:49:46.0063 3608 \Device\Harddisk0\DR0:
    20:49:46.0063 3608 MBR partitions:
    20:49:46.0063 3608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    20:49:46.0063 3608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D40000
    20:49:46.0063 3608 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x43993800
    20:49:46.0063 3608 ============================================================
    20:49:46.0125 3608 C: <-> \Device\Harddisk0\DR0\Partition3
    20:49:46.0265 3608 D: <-> \Device\Harddisk0\DR0\Partition2
    20:49:46.0265 3608 ============================================================
    20:49:46.0265 3608 Initialize success
    20:49:46.0265 3608 ============================================================
  18. Broni

    Broni Malware Annihilator Posts: 46,164   +251

     
  19. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    I have Malwarebytes Pro and it should be running at all times. I also have SUPERAntiSpyware and that initiates at startup too. My icons in the lower right box always have a little M and a spider. I only turned it off when I ran ComboFix. I will download Avast and then follow your directions.
  20. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Neither of them is an AV program.
    Please follow my previous reply.

    Also you shouldn't be running MBAM and Super at the same time.
    Only one antimalware program is recommended to be running in real time.
  21. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    OK. Good deal. I will stop SUPERAntiSpyware from running at startup.

    I ran the Avast scan. It found 95 threats. I moved everything I could to the virus chest.

    There were some items that it could not move to chest because it said the system could not find the path or file specified.

    I can't just copy and paste the items that were moved to the chest. These are the logs that are available. Which one do you want?

    ashwebsv.ws
    aswar.log
    aswar1.log
    chest.log
    cleaner.log
    htmlremotecontent.log
    mail.log
    nshield.log
    resident.log
    selfdef.log
    setup.log
    usntr.log

    What should I do next?
  22. Broni

    Broni Malware Annihilator Posts: 46,164   +251

  23. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    Avast! Antirootkit, version 1.0
    Scan started: Monday, October 15, 2012 3:55:05 AM

    Process [0]
    Process [4]
    Process C:\Windows\System32\smss.exe [368]
    Process C:\Windows\System32\csrss.exe [496]
    Process C:\Windows\System32\csrss.exe [564]
    Process C:\Windows\System32\wininit.exe [572]
    Process C:\Windows\System32\winlogon.exe [628]
    Process C:\Windows\System32\services.exe [672]
    Process C:\Windows\System32\lsass.exe [680]
    Process C:\Windows\System32\lsm.exe [688]
    Process C:\Windows\System32\svchost.exe [784]
    Process C:\Windows\System32\svchost.exe [884]
    Process C:\Windows\System32\LogonUI.exe [972]
    Process C:\Windows\System32\svchost.exe [984]
    Process C:\Windows\System32\svchost.exe [124]
    Process C:\Windows\System32\svchost.exe [400]
    Process C:\Windows\System32\svchost.exe [968]
    Process C:\Windows\System32\svchost.exe [1112]
    Process C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1292]
    Process C:\Windows\System32\spoolsv.exe [1492]
    Process C:\Windows\System32\svchost.exe [1524]
    Process C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [1220]
    Process C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1420]
    Process C:\Program Files (x86)\Bonjour\mDNSResponder.exe [1544]
    Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [1908]
    Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [1136]
    Process C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2076]
    Process C:\Windows\System32\mqsvc.exe [2108]
    Process C:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2200]
    Process C:\Windows\System32\svchost.exe [2268]
    Process C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [2416]
    Process C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2456]
    Process C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2524]
    Process C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe [2532]
    Process C:\Windows\System32\conhost.exe [2540]
    Process C:\Program Files (x86)\Sophos\Encryption\BLService.exe [2624]
    Process C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe [2660]
    Process C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe [2668]
    Process C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe [2676]
    Process C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe [2684]
    Process C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe [2820]
    Process C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2856]
    Process C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe [2932]
    Process C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe [2972]
    Process C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe [2264]
    Process C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe [3012]
    Process C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe [3084]
    Process C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe [3120]
    Process C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [3340]
    Process C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [3384]
    Process C:\Windows\System32\svchost.exe [3528]
    Process C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [3100]
    Process C:\Windows\System32\SearchIndexer.exe [2400]
    Process C:\Windows\System32\wbem\WmiPrvSE.exe [3204]
    Process C:\Windows\System32\taskeng.exe [3444]
    Disk 0 MBR
    Service !SASCORE [C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE]
    Service .NET CLR Data [???]
    Service .NET CLR Networking [???]
    Service .NET Data Provider for Oracle [???]
    Service .NET Data Provider for SqlServer [???]
    Service .NETFramework [???]
    Service 1394ohci [C:\Windows\system32\DRIVERS\1394ohci.sys]
    Service ACPI [C:\Windows\system32\DRIVERS\ACPI.sys]
    Service AcpiPmi [C:\Windows\system32\DRIVERS\acpipmi.sys]
    Service AdobeFlashPlayerUpdateSvc [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
    Service adp94xx [C:\Windows\system32\DRIVERS\adp94xx.sys]
    Service adpahci [C:\Windows\system32\DRIVERS\adpahci.sys]
    Service adpu320 [C:\Windows\system32\DRIVERS\adpu320.sys]
    Service adsi [???]
    Service AeLookupSvc [C:\Windows\System32\aelupsvc.dll]
    Service AFD [C:\Windows\system32\drivers\afd.sys]
    Service agp440 [C:\Windows\system32\DRIVERS\agp440.sys]
    Service ALG [C:\Windows\System32\alg.exe]
    Service aliide [C:\Windows\system32\DRIVERS\aliide.sys]
    Service amdide [C:\Windows\system32\DRIVERS\amdide.sys]
    Service AmdK8 [C:\Windows\system32\DRIVERS\amdk8.sys]
    Service AmdPPM [C:\Windows\system32\DRIVERS\amdppm.sys]
    Service amdsata [C:\Windows\system32\DRIVERS\amdsata.sys]
    Service amdsbs [C:\Windows\system32\DRIVERS\amdsbs.sys]
    Service amdxata [C:\Windows\system32\DRIVERS\amdxata.sys]
    Service AppID [C:\Windows\system32\drivers\appid.sys]
    Service AppIDSvc [C:\Windows\System32\appidsvc.dll]
    Service Appinfo [C:\Windows\System32\appinfo.dll]
    Service Apple Mobile Device [C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe]
    Service AppMgmt [C:\Windows\System32\appmgmts.dll]
    Service arc [C:\Windows\system32\DRIVERS\arc.sys]
    Service arcsas [C:\Windows\system32\DRIVERS\arcsas.sys]
    Service aswFsBlk [C:\Windows\System32\Drivers\aswFsBlk.sys]
    Service aswMonFlt [C:\Windows\system32\drivers\aswMonFlt.sys]
    Service aswRdr [C:\Windows\System32\Drivers\aswrdr2.sys]
    Service aswSnx [C:\Windows\System32\Drivers\aswSnx.sys]
    Service aswSP [C:\Windows\System32\Drivers\aswSP.sys]
    Service aswTdi [C:\Windows\System32\Drivers\aswTdi.sys]
    Service AsyncMac [C:\Windows\system32\DRIVERS\asyncmac.sys]
    Service atapi [C:\Windows\system32\DRIVERS\atapi.sys]
    Service atikmdag [C:\Windows\system32\DRIVERS\atikmdag.sys]
    Service AudioEndpointBuilder [C:\Windows\System32\Audiosrv.dll]
    Service AudioSrv [C:\Windows\System32\Audiosrv.dll]
    Service avast! Antivirus [C:\Program Files\AVAST Software\Avast\AvastSvc.exe]
    Service Avg [???]
    Service AxInstSV [C:\Windows\System32\AxInstSV.dll]
    Service b06bdrv [C:\Windows\system32\DRIVERS\bxvbda.sys]
    Service b57nd60a [C:\Windows\system32\DRIVERS\b57nd60a.sys]
    Service BattC [???]
    Service BDESVC [C:\Windows\System32\bdesvc.dll]
    Service Beep [C:\Windows\System32\Drivers\Beep.sys]
    Service BFE [C:\Windows\System32\bfe.dll]
    Service BITS [C:\Windows\system32\qmgr.dll]
    Service blbdrive [C:\Windows\system32\DRIVERS\blbdrive.sys]
    Service Bonjour Service [C:\Program Files (x86)\Bonjour\mDNSResponder.exe]
    Service bowser [C:\Windows\system32\DRIVERS\bowser.sys]
    Service BrFiltLo [C:\Windows\system32\DRIVERS\BrFiltLo.sys]
    Service BrFiltUp [C:\Windows\system32\DRIVERS\BrFiltUp.sys]
    Service BridgeMP [C:\Windows\system32\DRIVERS\bridge.sys]
    Service Browser [C:\Windows\System32\browser.dll]
    Service Brserid [C:\Windows\System32\Drivers\Brserid.sys]
    Service BrSerWdm [C:\Windows\System32\Drivers\BrSerWdm.sys]
    Service BrUsbMdm [C:\Windows\System32\Drivers\BrUsbMdm.sys]
    Service BrUsbSer [C:\Windows\System32\Drivers\BrUsbSer.sys]
    Service BTHMODEM [C:\Windows\system32\DRIVERS\bthmodem.sys]
    Service BTHPORT [???]
    Service bthserv [C:\Windows\system32\bthserv.dll]
    Service catchme [C:\ComboFix\catchme.sys]
    Service cdfs [C:\Windows\system32\DRIVERS\cdfs.sys]
    Service cdrom [C:\Windows\system32\DRIVERS\cdrom.sys]
    Service CertPropSvc [C:\Windows\System32\certprop.dll]
    Service circlass [C:\Windows\system32\DRIVERS\circlass.sys]
    Service CLFS [C:\Windows\System32\CLFS.sys]
    Service clr_optimization_v2.0.50727_32 [C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]
    Service clr_optimization_v2.0.50727_64 [C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe]
    Service CmBatt [C:\Windows\system32\DRIVERS\CmBatt.sys]
    Service cmdide [C:\Windows\system32\DRIVERS\cmdide.sys]
    Service CNG [C:\Windows\System32\Drivers\cng.sys]
    Service Compbatt [C:\Windows\system32\DRIVERS\compbatt.sys]
    Service CompositeBus [C:\Windows\system32\DRIVERS\CompositeBus.sys]
    Service COMSysApp [C:\Windows\system32\dllhost.exe]
    Service cpuz134 [C:\Windows\system32\drivers\cpuz134_x64.sys]
    Service crcdisk [C:\Windows\system32\DRIVERS\crcdisk.sys]
    Service crypt32 [???]
    Service CryptSvc [C:\Windows\system32\cryptsvc.dll]
    Service CSC [C:\Windows\system32\drivers\csc.sys]
    Service CscService [C:\Windows\System32\cscsvc.dll]
    Service DCLocator [???]
    Service DcomLaunch [C:\Windows\system32\rpcss.dll]
    Service defragsvc [C:\Windows\System32\defragsvc.dll]
    Service DfsC [C:\Windows\System32\Drivers\dfsc.sys]
    Service Dhcp [C:\Windows\system32\dhcpcore.dll]
    Service discache [C:\Windows\System32\drivers\discache.sys]
    Service Disk [C:\Windows\system32\DRIVERS\disk.sys]
    Service Dnscache [C:\Windows\System32\dnsrslvr.dll]
    Service dot3svc [C:\Windows\System32\dot3svc.dll]
    Service DPS [C:\Windows\system32\dps.dll]
    Service drmkaud [C:\Windows\system32\drivers\drmkaud.sys]
    Service DXGKrnl [C:\Windows\System32\drivers\dxgkrnl.sys]
    Service EapHost [C:\Windows\System32\eapsvc.dll]
    Service ebdrv [C:\Windows\system32\DRIVERS\evbda.sys]
    Service EFS [C:\Windows\System32\lsass.exe]
    Service ehRecvr [C:\Windows\ehome\ehRecvr.exe]
    Service ehSched [C:\Windows\ehome\ehsched.exe]
    Service elxstor [C:\Windows\system32\DRIVERS\elxstor.sys]
    Service EPSON_EB_RPCV4_01 [C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE]
    Service EPSON_PM_RPCV4_01 [C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE]
    Service ErrDev [C:\Windows\system32\DRIVERS\errdev.sys]
    Service ESENT [???]
    Service eventlog [C:\Windows\System32\wevtsvc.dll]
    Service EventSystem [C:\Windows\system32\es.dll]
    Service exfat [C:\Windows\System32\Drivers\exfat.sys]
    Service fastfat [C:\Windows\System32\Drivers\fastfat.sys]
    Service Fax [C:\Windows\system32\fxssvc.exe]
    Service fdc [C:\Windows\system32\DRIVERS\fdc.sys]
    Service fdPHost [C:\Windows\system32\fdPHost.dll]
    Service FDResPub [C:\Windows\system32\fdrespub.dll]
    Service FileInfo [C:\Windows\system32\drivers\fileinfo.sys]
    Service Filetrace [C:\Windows\system32\drivers\filetrace.sys]
    Service FLEXnet Licensing Service [C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe]
    Service flpydisk [C:\Windows\system32\DRIVERS\flpydisk.sys]
    Service FltMgr [C:\Windows\system32\drivers\fltmgr.sys]
    Service FontCache [C:\Windows\system32\FntCache.dll]
    Service FontCache3.0.0.0 [C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe]
    Service FsDepends [C:\Windows\System32\drivers\FsDepends.sys]
    Service Fs_Rec [C:\Windows\System32\Drivers\Fs_Rec.sys]
    Service fvevol [C:\Windows\System32\DRIVERS\fvevol.sys]
    Service gagp30kx [C:\Windows\system32\DRIVERS\gagp30kx.sys]
    Service GEARAspiWDM [C:\Windows\system32\DRIVERS\GEARAspiWDM.sys]
    Service gpsvc [C:\Windows\System32\gpsvc.dll]
    Service hcw85cir [C:\Windows\system32\drivers\hcw85cir.sys]
    Service HdAudAddService [C:\Windows\system32\drivers\HdAudio.sys]
    Service HDAudBus [C:\Windows\system32\DRIVERS\HDAudBus.sys]
    Service HidBatt [C:\Windows\system32\DRIVERS\HidBatt.sys]
    Service HidBth [C:\Windows\system32\DRIVERS\hidbth.sys]
    Service HidIr [C:\Windows\system32\DRIVERS\hidir.sys]
    Service hidserv [C:\Windows\System32\hidserv.dll]
    Service HidUsb [C:\Windows\system32\DRIVERS\hidusb.sys]
    Service hkmsvc [C:\Windows\system32\kmsvc.dll]
    Service HomeGroupListener [C:\Windows\system32\ListSvc.dll]
    Service HomeGroupProvider [C:\Windows\system32\provsvc.dll]
    Service HpSAMD [C:\Windows\system32\DRIVERS\HpSAMD.sys]
    Service HTTP [C:\Windows\system32\drivers\HTTP.sys]
    Service hwpolicy [C:\Windows\System32\drivers\hwpolicy.sys]
    Service i8042prt [C:\Windows\system32\DRIVERS\i8042prt.sys]
    Service iaStorV [C:\Windows\system32\DRIVERS\iaStorV.sys]
    Service IDriverT [C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe]
    Service idsvc [C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe]
    Service iirsp [C:\Windows\system32\DRIVERS\iirsp.sys]
    Service IKEEXT [C:\Windows\System32\ikeext.dll]
    Service inetaccs [???]
    Service intelide [C:\Windows\system32\DRIVERS\intelide.sys]
    Service intelppm [C:\Windows\system32\DRIVERS\intelppm.sys]
    Service IPBusEnum [C:\Windows\system32\ipbusenum.dll]
    Service IpFilterDriver [C:\Windows\system32\DRIVERS\ipfltdrv.sys]
    Service iphlpsvc [C:\Windows\System32\iphlpsvc.dll]
    Service IPMIDRV [C:\Windows\system32\DRIVERS\IPMIDrv.sys]
    Service IPNAT [C:\Windows\System32\drivers\ipnat.sys]
    Service iPod Service [C:\Program Files\iPod\bin\iPodService.exe]
    Service IRENUM [C:\Windows\system32\drivers\irenum.sys]
    Service isapnp [C:\Windows\system32\DRIVERS\isapnp.sys]
    Service iScsiPrt [C:\Windows\system32\DRIVERS\msiscsi.sys]
    Service kbdclass [C:\Windows\system32\DRIVERS\kbdclass.sys]
    Service kbdhid [C:\Windows\system32\DRIVERS\kbdhid.sys]
    Service KeyIso [C:\Windows\system32\lsass.exe]
    Service KSecDD [C:\Windows\System32\Drivers\ksecdd.sys]
    Service KSecPkg [C:\Windows\System32\Drivers\ksecpkg.sys]
    Service ksthunk [C:\Windows\system32\drivers\ksthunk.sys]
    Service KtmRm [C:\Windows\system32\msdtckrm.dll]
    Service L1E [C:\Windows\system32\DRIVERS\L1E62x64.sys]
    Service LanmanServer [C:\Windows\System32\srvsvc.dll]
    Service LanmanWorkstation [C:\Windows\System32\wkssvc.dll]
    Service ldap [???]
    Service lltdio [C:\Windows\system32\DRIVERS\lltdio.sys]
    Service lltdsvc [C:\Windows\System32\lltdsvc.dll]
    Service lmhosts [C:\Windows\System32\lmhsvc.dll]
    Service Lsa [???]
    Service LSI_FC [C:\Windows\system32\DRIVERS\lsi_fc.sys]
    Service LSI_SAS [C:\Windows\system32\DRIVERS\lsi_sas.sys]
    Service LSI_SAS2 [C:\Windows\system32\DRIVERS\lsi_sas2.sys]
    Service LSI_SCSI [C:\Windows\system32\DRIVERS\lsi_scsi.sys]
    Service luafv [C:\Windows\system32\drivers\luafv.sys]
    Service MBAMProtector [C:\Windows\system32\drivers\mbam.sys]
    Service MBAMScheduler [C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe]
    Service MBAMService [C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe]
    Service Mcx2Svc [C:\Windows\system32\Mcx2Svc.dll]
    Service megasas [C:\Windows\system32\DRIVERS\megasas.sys]
    Service MegaSR [C:\Windows\system32\DRIVERS\MegaSR.sys]
    Service Microsoft Office Groove Audit Service [C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe]
    Service MMCSS [C:\Windows\system32\mmcss.dll]
    Service Modem [C:\Windows\system32\drivers\modem.sys]
    Service monitor [C:\Windows\system32\DRIVERS\monitor.sys]
    Service mouclass [C:\Windows\system32\DRIVERS\mouclass.sys]
    Service mouhid [C:\Windows\system32\DRIVERS\mouhid.sys]
    Service mountmgr [C:\Windows\System32\drivers\mountmgr.sys]
    Service MozillaMaintenance [C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe]
    Service mpio [C:\Windows\system32\DRIVERS\mpio.sys]
    Service mpsdrv [C:\Windows\System32\drivers\mpsdrv.sys]
    Service MpsSvc [C:\Windows\system32\mpssvc.dll]
    Service MQAC [C:\Windows\system32\drivers\mqac.sys]
    Service MRxDAV [C:\Windows\system32\drivers\mrxdav.sys]
    Service mrxsmb [C:\Windows\system32\DRIVERS\mrxsmb.sys]
    Service mrxsmb10 [C:\Windows\system32\DRIVERS\mrxsmb10.sys]
    Service mrxsmb20 [C:\Windows\system32\DRIVERS\mrxsmb20.sys]
    Service msahci [C:\Windows\system32\DRIVERS\msahci.sys]
    Service msdsm [C:\Windows\system32\DRIVERS\msdsm.sys]
    Service MSDTC [C:\Windows\System32\msdtc.exe]
    Service MSDTC Bridge 3.0.0.0 [???]
    Service Msfs [C:\Windows\System32\Drivers\Msfs.sys]
    Service mshidkmdf [C:\Windows\System32\drivers\mshidkmdf.sys]
    Service msisadrv [C:\Windows\system32\DRIVERS\msisadrv.sys]
    Service MSiSCSI [C:\Windows\system32\iscsiexe.dll]
    Service msiserver [C:\Windows\system32\msiexec.exe]
    Service MSKSSRV [C:\Windows\system32\drivers\MSKSSRV.sys]
    Service MSMQ [C:\Windows\system32\mqsvc.exe]
    Service MSPCLOCK [C:\Windows\system32\drivers\MSPCLOCK.sys]
    Service MSPQM [C:\Windows\system32\drivers\MSPQM.sys]
    Service MsRPC [C:\Windows\System32\Drivers\MsRPC.sys]
    Service MSSCNTRS [???]
    Service mssmbios [C:\Windows\system32\DRIVERS\mssmbios.sys]
    Service MSSQL$SOPHOS [c:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe]
    Service MSSQLServerADHelper100 [c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE]
    Service MSTEE [C:\Windows\system32\drivers\MSTEE.sys]
    Service MTConfig [C:\Windows\system32\DRIVERS\MTConfig.sys]
    Service Mup [C:\Windows\System32\Drivers\mup.sys]
    Service napagent [C:\Windows\system32\qagentRT.dll]
    Service NativeWifiP [C:\Windows\system32\DRIVERS\nwifi.sys]
    Service NDIS [C:\Windows\system32\drivers\ndis.sys]
    Service NdisCap [C:\Windows\system32\DRIVERS\ndiscap.sys]
    Service NdisTapi [C:\Windows\system32\DRIVERS\ndistapi.sys]
    Service Ndisuio [C:\Windows\system32\DRIVERS\ndisuio.sys]
    Service NdisWan [C:\Windows\system32\DRIVERS\ndiswan.sys]
    Service NDProxy [C:\Windows\System32\Drivers\NDProxy.sys]
    Service NetBIOS [C:\Windows\system32\DRIVERS\netbios.sys]
    Service NetBT [C:\Windows\System32\DRIVERS\netbt.sys]
    Service Netlogon [C:\Windows\system32\lsass.exe]
    Service Netman [C:\Windows\System32\netman.dll]
    Service netprofm [C:\Windows\System32\netprofm.dll]
    Service NetTcpPortSharing [C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe]
    Service nfrd960 [C:\Windows\system32\DRIVERS\nfrd960.sys]
    Service NlaSvc [C:\Windows\System32\nlasvc.dll]
    Service Npfs [C:\Windows\System32\Drivers\Npfs.sys]
    Service nsi [C:\Windows\system32\nsisvc.dll]
    Service nsiproxy [C:\Windows\system32\drivers\nsiproxy.sys]
    Service NTDS [???]
    Service Ntfs [C:\Windows\System32\Drivers\Ntfs.sys]
    Service Null [C:\Windows\System32\Drivers\Null.sys]
    Service nvraid [C:\Windows\system32\DRIVERS\nvraid.sys]
    Service nvstor [C:\Windows\system32\DRIVERS\nvstor.sys]
    Service nv_agp [C:\Windows\system32\DRIVERS\nv_agp.sys]
    Service odserv [C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE]
    Service ohci1394 [C:\Windows\system32\DRIVERS\ohci1394.sys]
    Service ose [C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE]
    Service Outlook [???]
    Service p2pimsvc [C:\Windows\system32\pnrpsvc.dll]
    Service p2psvc [C:\Windows\system32\p2psvc.dll]
    Service Parport [C:\Windows\system32\DRIVERS\parport.sys]
    Service partmgr [C:\Windows\System32\drivers\partmgr.sys]
    Service PcaSvc [C:\Windows\System32\pcasvc.dll]
    Service pci [C:\Windows\system32\DRIVERS\pci.sys]
    Service pciide [C:\Windows\system32\DRIVERS\pciide.sys]
    Service pcmcia [C:\Windows\system32\DRIVERS\pcmcia.sys]
    Service pcw [C:\Windows\System32\drivers\pcw.sys]
    Service PEAUTH [C:\Windows\system32\drivers\peauth.sys]
    Service PeerDistSvc [C:\Windows\system32\peerdistsvc.dll]
    Service PerfDisk [???]
    Service PerfHost [C:\Windows\SysWow64\perfhost.exe]
    Service PerfNet [???]
    Service PerfOS [???]
    Service PerfProc [???]
    Service pla [C:\Windows\system32\pla.dll]
    Service PlugPlay [C:\Windows\system32\umpnpmgr.dll]
    Service PNRPAutoReg [C:\Windows\system32\pnrpauto.dll]
    Service PNRPsvc [C:\Windows\system32\pnrpsvc.dll]
    Service PolicyAgent [C:\Windows\System32\ipsecsvc.dll]
    Service PortProxy [???]
    Service postgresql-8.4 [C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe]
    Service Power [C:\Windows\system32\umpo.dll]
    Service PptpMiniport [C:\Windows\system32\DRIVERS\raspptp.sys]
    Service Processor [C:\Windows\system32\DRIVERS\processr.sys]
    Service ProfSvc [C:\Windows\system32\profsvc.dll]
    Service ProtectedStorage [C:\Windows\system32\lsass.exe]
    Service Psched [C:\Windows\system32\DRIVERS\pacer.sys]
    Service ql2300 [C:\Windows\system32\DRIVERS\ql2300.sys]
    Service ql40xx [C:\Windows\system32\DRIVERS\ql40xx.sys]
    Service QWAVE [C:\Windows\system32\qwave.dll]
    Service QWAVEdrv [C:\Windows\system32\drivers\qwavedrv.sys]
    Service RasAcd [C:\Windows\System32\DRIVERS\rasacd.sys]
    Service RasAgileVpn [C:\Windows\system32\DRIVERS\AgileVpn.sys]
    Service RasAuto [C:\Windows\System32\rasauto.dll]
    Service Rasl2tp [C:\Windows\system32\DRIVERS\rasl2tp.sys]
    Service RasMan [C:\Windows\System32\rasmans.dll]
    Service RasPppoe [C:\Windows\system32\DRIVERS\raspppoe.sys]
    Service RasSstp [C:\Windows\system32\DRIVERS\rassstp.sys]
    Service rdbss [C:\Windows\system32\DRIVERS\rdbss.sys]
    Service rdpbus [C:\Windows\system32\DRIVERS\rdpbus.sys]
    Service RDPCDD [C:\Windows\System32\DRIVERS\RDPCDD.sys]
    Service RDPDD [???]
    Service RDPDR [C:\Windows\System32\drivers\rdpdr.sys]
    Service RDPENCDD [C:\Windows\system32\drivers\rdpencdd.sys]
    Service RDPNP [???]
    Service RDPREFMP [C:\Windows\system32\drivers\rdprefmp.sys]
    Service RDPWD [C:\Windows\System32\Drivers\RDPWD.sys]
    Service rdyboost [C:\Windows\System32\drivers\rdyboost.sys]
    Service Realtek11nSU [C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe]
    Service RemoteAccess [C:\Windows\System32\mprdim.dll]
    Service RemoteRegistry [C:\Windows\system32\regsvc.dll]
    Service RpcEptMapper [C:\Windows\System32\RpcEpMap.dll]
    Service RpcLocator [C:\Windows\system32\locator.exe]
    Service RpcSs [C:\Windows\system32\rpcss.dll]
    Service RsFx0103 [C:\Windows\system32\DRIVERS\RsFx0103.sys]
    Service rspndr [C:\Windows\system32\DRIVERS\rspndr.sys]
    Service RTL8192su [C:\Windows\system32\DRIVERS\RTL8192su.sys]
    Service s3cap [C:\Windows\system32\DRIVERS\vms3cap.sys]
    Service SamSs [C:\Windows\system32\lsass.exe]
    Service SASDIFSV [C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS]
    Service SASKUTIL [C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS]
    Service sbp2port [C:\Windows\system32\DRIVERS\sbp2port.sys]
    Service SCardSvr [C:\Windows\System32\SCardSvr.dll]
    Service SCDEmu [C:\Windows\System32\Drivers\SCDEmu.sys]
    Service scfilter [C:\Windows\System32\DRIVERS\scfilter.sys]
    Service Schedule [C:\Windows\system32\schedsvc.dll]
    Service SCPolicySvc [C:\Windows\System32\certprop.dll]
    Service SDRSVC [C:\Windows\System32\SDRSVC.dll]
    Service secdrv [C:\Windows\System32\Drivers\secdrv.sys]
    Service seclogon [C:\Windows\system32\seclogon.dll]
    Service SENS [C:\Windows\system32\sens.dll]
    Service SensrSvc [C:\Windows\system32\sensrsvc.dll]
    Service Serenum [C:\Windows\system32\DRIVERS\serenum.sys]
    Service Serial [C:\Windows\system32\DRIVERS\serial.sys]
    Service sermouse [C:\Windows\system32\DRIVERS\sermouse.sys]
    Service ServiceModelEndpoint 3.0.0.0 [???]
    Service ServiceModelOperation 3.0.0.0 [???]
    Service ServiceModelService 3.0.0.0 [???]
    Service SessionEnv [C:\Windows\system32\sessenv.dll]
    Service sffdisk [C:\Windows\system32\DRIVERS\sffdisk.sys]
    Service sffp_mmc [C:\Windows\system32\DRIVERS\sffp_mmc.sys]
    Service sffp_sd [C:\Windows\system32\DRIVERS\sffp_sd.sys]
    Service sfloppy [C:\Windows\system32\DRIVERS\sfloppy.sys]
    Service SGNBusinessLogicService [C:\Program Files (x86)\Sophos\Encryption\BLService.exe]
    Service SGN_LogSystem [C:\Windows\SysWOW64\SGN_MasterServicen.exe]
    Service SharedAccess [C:\Windows\System32\ipnathlp.dll]
    Service ShellHWDetection [C:\Windows\System32\shsvcs.dll]
    Service SiSRaid2 [C:\Windows\system32\DRIVERS\SiSRaid2.sys]
    Service SiSRaid4 [C:\Windows\system32\DRIVERS\sisraid4.sys]
    Service Smb [C:\Windows\system32\DRIVERS\smb.sys]
    Service SMSvcHost 3.0.0.0 [???]
    Service SNMPTRAP [C:\Windows\System32\snmptrap.exe]
    Service Sophos Agent [C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe]
    Service Sophos Certification Manager [C:\Program Files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe]
    Service Sophos Management Service [C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe]
    Service Sophos Message Router [C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe]
    Service SophosManagementHostService [C:\Program Files\Sophos\Enterprise Console\Sophos.FrontEnd.Service.exe]
    Service SophosPatchEndpointCommunicator [C:\Program Files\Sophos\Patch\PatchEndpointCommunicator\PatchEndpointCommunicator.exe]
    Service SophosPatchOrchestratorService [C:\Program Files\Sophos\Patch\PatchEndpointOrchestrator\PatchEndpointOrchestrator.exe]
    Service SophosPatchServerCommunicator [C:\Program Files\Sophos\Patch\PatchServerCommunicator\PatchServerCommunicator.exe]
    Service spldr [C:\Windows\System32\Drivers\spldr.sys]
    Service Spooler [C:\Windows\System32\spoolsv.exe]
    Service sppsvc [C:\Windows\system32\sppsvc.exe]
    Service sppuinotify [C:\Windows\system32\sppuinotify.dll]
    Service SQLAgent$SOPHOS [c:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE]
    Service SQLBrowser [c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe]
    Service SQLWriter [c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe]
    Service srv [C:\Windows\System32\DRIVERS\srv.sys]
    Service srv2 [C:\Windows\System32\DRIVERS\srv2.sys]
    Service srvnet [C:\Windows\System32\DRIVERS\srvnet.sys]
    Service SSDPSRV [C:\Windows\System32\ssdpsrv.dll]
    Service SstpSvc [C:\Windows\system32\sstpsvc.dll]
    Service stexstor [C:\Windows\system32\DRIVERS\stexstor.sys]
    Service stisvc [C:\Windows\System32\wiaservc.dll]
    Service storflt [C:\Windows\system32\DRIVERS\vmstorfl.sys]
    Service storvsc [C:\Windows\system32\DRIVERS\storvsc.sys]
    Service swenum [C:\Windows\system32\DRIVERS\swenum.sys]
    Service swprv [C:\Windows\System32\swprv.dll]
    Service SysMain [C:\Windows\system32\sysmain.dll]
    Service TabletInputService [C:\Windows\System32\TabSvc.dll]
    Service TapiSrv [C:\Windows\System32\tapisrv.dll]
    Service TBS [C:\Windows\System32\tbssvc.dll]
    Service Tcpip [C:\Windows\System32\drivers\tcpip.sys]
    Service TCPIP6 [C:\Windows\system32\DRIVERS\tcpip.sys]
    Service TCPIP6TUNNEL [???]
    Service tcpipreg [C:\Windows\System32\drivers\tcpipreg.sys]
    Service TCPIPTUNNEL [???]
    Service TDPIPE [C:\Windows\system32\drivers\tdpipe.sys]
    Service TDTCP [C:\Windows\system32\drivers\tdtcp.sys]
    Service tdx [C:\Windows\system32\DRIVERS\tdx.sys]
    Service TermDD [C:\Windows\system32\DRIVERS\termdd.sys]
    Service TermService [C:\Windows\System32\termsrv.dll]
    Service Themes [C:\Windows\system32\themeservice.dll]
    Service THREADORDER [C:\Windows\system32\mmcss.dll]
    Service TrkWks [C:\Windows\System32\trkwks.dll]
    Service TrustedInstaller [C:\Windows\servicing\TrustedInstaller.exe]
    Service TSDDD [???]
    Service tssecsrv [C:\Windows\System32\DRIVERS\tssecsrv.sys]
    Service tunnel [C:\Windows\system32\DRIVERS\tunnel.sys]
    Service uagp35 [C:\Windows\system32\DRIVERS\uagp35.sys]
    Service udfs [C:\Windows\system32\DRIVERS\udfs.sys]
    Service UGatherer [???]
    Service UGTHRSVC [???]
    Service UI0Detect [C:\Windows\system32\UI0Detect.exe]
    Service uliagpkx [C:\Windows\system32\DRIVERS\uliagpkx.sys]
    Service umbus [C:\Windows\system32\DRIVERS\umbus.sys]
    Service UmPass [C:\Windows\system32\DRIVERS\umpass.sys]
    Service UmRdpService [C:\Windows\System32\umrdp.dll]
    Service upnphost [C:\Windows\System32\upnphost.dll]
    Service USBAAPL64 [C:\Windows\System32\Drivers\usbaapl64.sys]
    Service usbaudio [C:\Windows\system32\drivers\usbaudio.sys]
    Service usbccgp [C:\Windows\system32\DRIVERS\usbccgp.sys]
    Service usbcir [C:\Windows\system32\DRIVERS\usbcir.sys]
    Service usbehci [C:\Windows\system32\DRIVERS\usbehci.sys]
    Service usbhub [C:\Windows\system32\DRIVERS\usbhub.sys]
    Service usbohci [C:\Windows\system32\DRIVERS\usbohci.sys]
    Service usbprint [C:\Windows\system32\DRIVERS\usbprint.sys]
    Service usbscan [C:\Windows\system32\DRIVERS\usbscan.sys]
    Service USBSTOR [C:\Windows\system32\DRIVERS\USBSTOR.SYS]
    Service usbuhci [C:\Windows\system32\DRIVERS\usbuhci.sys]
    Service UxSms [C:\Windows\System32\uxsms.dll]
    Service VaultSvc [C:\Windows\system32\lsass.exe]
    Service vdrvroot [C:\Windows\system32\DRIVERS\vdrvroot.sys]
    Service vds [C:\Windows\System32\vds.exe]
    Service vga [C:\Windows\system32\DRIVERS\vgapnp.sys]
    Service VgaSave [C:\Windows\System32\drivers\vga.sys]
    Service vhdmp [C:\Windows\system32\DRIVERS\vhdmp.sys]
    Service viaide [C:\Windows\system32\DRIVERS\viaide.sys]
    Service vmbus [C:\Windows\system32\DRIVERS\vmbus.sys]
    Service VMBusHID [C:\Windows\system32\DRIVERS\VMBusHID.sys]
    Service volmgr [C:\Windows\system32\DRIVERS\volmgr.sys]
    Service volmgrx [C:\Windows\System32\drivers\volmgrx.sys]
    Service volsnap [C:\Windows\system32\DRIVERS\volsnap.sys]
    Service vsmraid [C:\Windows\system32\DRIVERS\vsmraid.sys]
    Service VSS [C:\Windows\system32\vssvc.exe]
    Service vwifibus [C:\Windows\system32\DRIVERS\vwifibus.sys]
    Service vwififlt [C:\Windows\system32\DRIVERS\vwififlt.sys]
    Service W32Time [C:\Windows\system32\w32time.dll]
    Service W3SVC [???]
    Service WacomPen [C:\Windows\system32\DRIVERS\wacompen.sys]
    Service WANARP [C:\Windows\system32\DRIVERS\wanarp.sys]
    Service Wanarpv6 [C:\Windows\system32\DRIVERS\wanarp.sys]
    Service wbengine [C:\Windows\system32\wbengine.exe]
    Service WbioSrvc [C:\Windows\System32\wbiosrvc.dll]
    Service wcncsvc [C:\Windows\System32\wcncsvc.dll]
    Service WcsPlugInService [C:\Windows\System32\WcsPlugInService.dll]
    Service Wd [C:\Windows\system32\DRIVERS\wd.sys]
    Service Wdf01000 [C:\Windows\system32\drivers\Wdf01000.sys]
    Service WdiServiceHost [C:\Windows\system32\wdi.dll]
    Service WdiSystemHost [C:\Windows\system32\wdi.dll]
    Service WebClient [C:\Windows\System32\webclnt.dll]
    Service Wecsvc [C:\Windows\system32\wecsvc.dll]
    Service wercplsupport [C:\Windows\System32\wercplsupport.dll]
    Service WerSvc [C:\Windows\System32\WerSvc.dll]
    Service WfpLwf [C:\Windows\system32\DRIVERS\wfplwf.sys]
    Service WIMMount [C:\Windows\system32\drivers\wimmount.sys]
    Service WinDefend [C:\Program Files]
    Service Windows Workflow Foundation 3.0.0.0 [???]
    Service WinHttpAutoProxySvc [C:\Windows\system32\winhttp.dll]
    Service Winmgmt [C:\Windows\system32\wbem\WMIsvc.dll]
    Service WinRM [C:\Windows\system32\WsmSvc.dll]
    Service Winsock [C:\Windows\System32\Drivers\Winsock.sys]
    Service WinSock2 [???]
    Service WinUsb [C:\Windows\system32\DRIVERS\WinUsb.sys]
    Service Wlansvc [C:\Windows\System32\wlansvc.dll]
    Service WmiAcpi [C:\Windows\system32\DRIVERS\wmiacpi.sys]
    Service WmiApRpl [???]
    Service wmiApSrv [C:\Windows\system32\wbem\WmiApSrv.exe]
    Service WMPNetworkSvc [C:\Program Files]
    Service WPCSvc [C:\Windows\System32\wpcsvc.dll]
    Service WPDBusEnum [C:\Windows\system32\wpdbusenum.dll]
    Service ws2ifsl [C:\Windows\system32\drivers\ws2ifsl.sys]
    Service wscsvc [C:\Windows\system32\wscsvc.dll]
    Service WSearch [C:\Windows\system32\SearchIndexer.exe]
    Service WSearchIdxPi [???]
    Service wuauserv [C:\Windows\system32\wuaueng.dll]
    Service WudfPf [C:\Windows\system32\drivers\WudfPf.sys]
    Service WUDFRd [C:\Windows\system32\DRIVERS\WUDFRd.sys]
    Service wudfsvc [C:\Windows\System32\WUDFSvc.dll]
    Service WwanSvc [C:\Windows\System32\wwansvc.dll]
    Service xmlprov [???]
    Service {07171AC2-0D2A-427d-BCE5-B6C2D6C7058B} [???]
    Service {9FD9985D-DEED-4FF5-BEA4-EE08CE2FA497} [???]
    Service {C2E68E71-4D89-4571-ADDE-07B7D237543A} [???]

    Scan finished: Monday, October 15, 2012 3:55:20 AM
    Hidden files found: 0
    Hidden registry items found: 0
    Hidden processes found: 0
    Hidden services found: 0
    Hidden boot sectors found: 0


    ----------
  24. jestein

    jestein Newcomer, in training Topic Starter Posts: 48

    Malwarebytes Anti-Malware (PRO) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.15.04

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Lindsay :: LINDSAY-PC [administrator]

    Protection: Enabled

    10/15/2012 12:52:13 PM
    mbam-log-2012-10-15 (12-52-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 249792
    Time elapsed: 3 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  25. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    I still need aswMBR log.

