
08:28:51.0404 3332 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24


08:28:52.0623 3332 ============================================================
08:28:52.0623 3332 Current date / time: 2012/09/28 08:28:52.0623
08:28:52.0623 3332 SystemInfo:
08:28:52.0623 3332
08:28:52.0623 3332 OS Version: 5.1.2600 ServicePack: 3.0
08:28:52.0623 3332 Product type: Workstation
08:28:52.0623 3332 ComputerName: 2799CC
08:28:52.0623 3332 UserName: kdemil
08:28:52.0623 3332 Windows directory: C:\WINDOWS
08:28:52.0623 3332 System windows directory: C:\WINDOWS
08:28:52.0623 3332 Processor architecture: Intel x86
08:28:52.0623 3332 Number of processors: 2
08:28:52.0623 3332 Page size: 0x1000
08:28:52.0623 3332 Boot type: Normal boot
08:28:52.0623 3332 ============================================================
08:28:54.0764 3332 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:28:54.0764 3332 ============================================================
08:28:54.0764 3332 \Device\Harddisk0\DR0:
08:28:54.0764 3332 MBR partitions:
08:28:54.0764 3332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
08:28:54.0764 3332 ============================================================
08:28:54.0780 3332 C: <-> \Device\Harddisk0\DR0\Partition1
08:28:54.0780 3332 ============================================================
08:28:54.0780 3332 Initialize success
08:28:54.0780 3332 ============================================================
08:28:58.0280 3636 ============================================================
08:28:58.0280 3636 Scan started
08:28:58.0280 3636 Mode: Manual;
08:28:58.0280 3636 ============================================================
08:28:59.0295 3636 ================ Scan system memory ========================
08:28:59.0295 3636 System memory - ok
08:28:59.0295 3636 ================ Scan services =============================
08:28:59.0623 3636 Abiosdsk - ok
08:28:59.0639 3636 abp480n5 - ok
08:28:59.0748 3636 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI
C:\WIND
OWS\system32\DRIVERS\ACPI.sys
08:28:59.0764 3636 ACPI - ok
08:28:59.0842 3636 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC
C:\WIND
OWS\system32\drivers\ACPIEC.sys
08:28:59.0842 3636 ACPIEC - ok
08:28:59.0889 3636 adpu160m - ok
08:28:59.0951 3636 [ 8BED39E3C35D6A489438B8141717A557 ] aec
C:\WIND
OWS\system32\drivers\aec.sys
08:28:59.0951 3636 aec - ok
08:29:00.0014 3636 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD
C:\WIND
OWS\System32\drivers\afd.sys
08:29:00.0014 3636 AFD - ok
08:29:00.0076 3636 Aha154x - ok
08:29:00.0108 3636 aic78u2 - ok
08:29:00.0155 3636 aic78xx - ok
08:29:00.0233 3636 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter
C:\WIND
OWS\system32\alrsvc.dll
08:29:00.0248 3636 Alerter - ok
08:29:00.0280 3636 [ 8C515081584A38AA007909CD02020B3D ] ALG
C:\WIND
OWS\System32\alg.exe
08:29:00.0280 3636 ALG - ok

08:29:00.0311 3636 AliIde - ok


08:29:00.0358 3636 amsint - ok
08:29:00.0405 3636 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:29:00.0420 3636 AppMgmt - ok
08:29:00.0451 3636 asc - ok
08:29:00.0483 3636 asc3350p - ok
08:29:00.0530 3636 asc3550 - ok
08:29:00.0701 3636 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:29:00.0733 3636 aspnet_state - ok
08:29:00.0764 3636 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:29:00.0764 3636 AsyncMac - ok
08:29:00.0795 3636 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:29:00.0795 3636 atapi - ok
08:29:00.0826 3636 Atdisk - ok
08:29:00.0905 3636 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:29:00.0905 3636 Atmarpc - ok
08:29:00.0951 3636 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:29:00.0983 3636 AudioSrv - ok
08:29:01.0014 3636 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:29:01.0014 3636 audstub - ok
08:29:01.0092 3636 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:29:01.0092 3636 Beep - ok
08:29:01.0233 3636 [ B2EFE3F4B218B9C83D23D01633971584 ] BESClient C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
08:29:01.0280 3636 BESClient - ok
08:29:01.0326 3636 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:29:01.0326 3636 BITS - ok
08:29:01.0389 3636 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
08:29:01.0405 3636 Browser - ok
08:29:01.0451 3636 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:29:01.0451 3636 cbidf2k - ok
08:29:01.0498 3636 cd20xrnt - ok
08:29:01.0576 3636 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:29:01.0576 3636 Cdaudio - ok
08:29:01.0639 3636 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:29:01.0639 3636 Cdfs - ok
08:29:01.0701 3636 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:29:01.0701 3636 Cdrom - ok
08:29:01.0764 3636 Changer - ok
08:29:01.0858 3636 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:29:01.0905 3636 CiSvc - ok
08:29:01.0967 3636 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:29:01.0998 3636 ClipSrv - ok
08:29:02.0061 3636 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:29:02.0061 3636 clr_optimization_v2.0.50727_32 - ok
08:29:02.0108 3636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:29:02.0123 3636 clr_optimization_v4.0.30319_32 - ok
08:29:02.0139 3636 CmdIde - ok
08:29:02.0186 3636 COMSysApp - ok
08:29:02.0311 3636 Cpqarray - ok
08:29:02.0358 3636 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc
C:\WIND
OWS\System32\cryptsvc.dll
08:29:02.0358 3636 CryptSvc - ok
08:29:02.0373 3636 dac2w2k - ok
08:29:02.0389 3636 dac960nt - ok
08:29:02.0436 3636 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch
C:\WIND
OWS\system32\rpcss.dll
08:29:02.0436 3636 DcomLaunch - ok
08:29:02.0467 3636 [ B592AE8E6BF0F4A6E696B514D7D7008B ] DeepFrz
C:\WIND
OWS\system32\drivers\DeepFrz.sys
08:29:02.0483 3636 DeepFrz - ok
08:29:02.0483 3636 [ F9EF60B3DB03C4B8D7167D8DE5392F69 ] DfDiskLow
C:\WIND
OWS\system32\drivers\DfDiskLow.sys
08:29:02.0483 3636 DfDiskLow - ok
08:29:02.0514 3636 [ ADAAC9D42A5F8120D7F77147F773B76B ] DFFilter
C:\WIND
OWS\system32\drivers\DFFilter.sys
08:29:02.0514 3636 DFFilter - ok
08:29:02.0608 3636 [ 0E8BA855AE529B546683BCC0E3511318 ] DFServ
C:\Prog
ram Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
08:29:02.0608 3636 DFServ - ok
08:29:02.0639 3636 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp
C:\WIND
OWS\System32\dhcpcsvc.dll
08:29:02.0639 3636 Dhcp - ok
08:29:02.0655 3636 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk
C:\WIND
OWS\system32\DRIVERS\disk.sys
08:29:02.0655 3636 Disk - ok
08:29:02.0701 3636 [ A53723176D0002FEB486EFF8E17812F2 ] DLABMFSM
C:\WIND
OWS\system32\DLA\DLABMFSM.SYS
08:29:02.0733 3636 DLABMFSM - ok
08:29:02.0733 3636 [ D4587063ACEA776699251E177D719586 ] DLABOIOM
C:\WIND
OWS\system32\DLA\DLABOIOM.SYS
08:29:02.0748 3636 DLABOIOM - ok
08:29:02.0764 3636 [ 5230CDB7E715F3A3B4A882E254CDD35D ] DLACDBHM
C:\WIND
OWS\system32\Drivers\DLACDBHM.SYS
08:29:02.0764 3636 DLACDBHM - ok
08:29:02.0780 3636 [ C950C2E7B9ED1A4FC4A2AC7EC044F1D6 ] DLADResM
C:\WIND
OWS\system32\DLA\DLADResM.SYS
08:29:02.0795 3636 DLADResM - ok
08:29:02.0811 3636 [ 24400137E387A24410C52A591F3CFB4D ] DLAIFS_M
C:\WIND
OWS\system32\DLA\DLAIFS_M.SYS
08:29:02.0858 3636 DLAIFS_M - ok
08:29:02.0873 3636 [ 29A303FECEB28641ECEBDAE89EB71C63 ] DLAOPIOM
C:\WIND
OWS\system32\DLA\DLAOPIOM.SYS
08:29:02.0905 3636 DLAOPIOM - ok
08:29:02.0905 3636 [ C93E33A22A1AE0C5508F3FB1F6D0A50C ] DLAPoolM
C:\WIND
OWS\system32\DLA\DLAPoolM.SYS
08:29:02.0920 3636 DLAPoolM - ok
08:29:02.0936 3636 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M
C:\WIND
OWS\system32\Drivers\DLARTL_M.SYS
08:29:02.0936 3636 DLARTL_M - ok
08:29:02.0952 3636 [ B953498C35A31E5AC98F49ADBCF3E627 ] DLAUDFAM
C:\WIND
OWS\system32\DLA\DLAUDFAM.SYS

08:29:02.0998 3636 DLAUDFAM - ok


08:29:02.0998 3636 [ 4897704C093C1F59CE58FC65E1E1EF1E ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
08:29:03.0045 3636 DLAUDF_M - ok
08:29:03.0061 3636 dmadmin - ok
08:29:03.0123 3636 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:29:03.0123 3636 dmboot - ok
08:29:03.0170 3636 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:29:03.0170 3636 dmio - ok
08:29:03.0186 3636 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:29:03.0186 3636 dmload - ok
08:29:03.0217 3636 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:29:03.0217 3636 dmserver - ok
08:29:03.0217 3636 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:29:03.0217 3636 DMusic - ok
08:29:03.0280 3636 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:29:03.0280 3636 Dnscache - ok
08:29:03.0327 3636 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:29:03.0373 3636 Dot3svc - ok
08:29:03.0373 3636 dpti2o - ok
08:29:03.0420 3636 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:29:03.0420 3636 drmkaud - ok
08:29:03.0452 3636 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
08:29:03.0452 3636 DRVMCDB - ok
08:29:03.0452 3636 [ FFC371525AA55D1BAE18715EBCB8797C ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
08:29:03.0452 3636 DRVNDDM - ok
08:29:03.0483 3636 [ 00192F0C612591D585594E9467E6CA8B ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
08:29:03.0498 3636 e1express - ok
08:29:03.0530 3636 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:29:03.0577 3636 EapHost - ok
08:29:03.0670 3636 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:29:03.0670 3636 ERSvc - ok
08:29:03.0717 3636 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:29:03.0717 3636 Eventlog - ok
08:29:03.0748 3636 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
08:29:03.0748 3636 EventSystem - ok
08:29:03.0795 3636 [ D99B8D74D8A6CB83703F23F823AC269F ] FarDisk C:\WINDOWS\system32\drivers\FarDisk.sys
08:29:03.0795 3636 FarDisk - ok
08:29:03.0827 3636 [ FFC294352ADE430912A6FAA5E0200755 ] FarSpace C:\WINDOWS\system32\drivers\FarSpace.sys
08:29:03.0827 3636 FarSpace - ok
08:29:03.0858 3636 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:29:03.0858 3636 Fastfat - ok
08:29:03.0889 3636 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:29:03.0905 3636 FastUserSwitchingCompatibility - ok
08:29:03.0952 3636 [ 8CAB6B589F6610BF0E20780E153248C1 ] FCSAM
c:\Prog
ram Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
08:29:03.0952 3636 FCSAM - ok
08:29:03.0998 3636 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc
C:\WIND
OWS\system32\DRIVERS\fdc.sys
08:29:03.0998 3636 Fdc - ok
08:29:04.0045 3636 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips
C:\WIND
OWS\system32\drivers\Fips.sys
08:29:04.0045 3636 Fips - ok
08:29:04.0108 3636 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk
C:\WIND
OWS\system32\DRIVERS\flpydisk.sys
08:29:04.0108 3636 Flpydisk - ok
08:29:04.0202 3636 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr
C:\WIND
OWS\system32\drivers\fltmgr.sys
08:29:04.0202 3636 FltMgr - ok
08:29:04.0295 3636 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:29:04.0311 3636 FontCache3.0.0.0 - ok
08:29:04.0358 3636 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec
C:\WIND
OWS\system32\drivers\Fs_Rec.sys
08:29:04.0358 3636 Fs_Rec - ok
08:29:04.0420 3636 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk
C:\WIND
OWS\system32\DRIVERS\ftdisk.sys
08:29:04.0420 3636 Ftdisk - ok
08:29:04.0514 3636 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc
C:\WIND
OWS\system32\DRIVERS\msgpc.sys
08:29:04.0514 3636 Gpc - ok
08:29:04.0561 3636 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus
C:\WIND
OWS\system32\DRIVERS\HDAudBus.sys
08:29:04.0561 3636 HDAudBus - ok
08:29:04.0623 3636 [ D0FC694DF051BC65946DB616F20D1168 ] HECI
C:\WIND
OWS\system32\DRIVERS\HECI.sys
08:29:04.0623 3636 HECI - ok
08:29:04.0733 3636 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc
C:\WIND
OWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:29:04.0733 3636 helpsvc - ok
08:29:04.0748 3636 HidServ - ok
08:29:04.0842 3636 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb
C:\WIND
OWS\system32\DRIVERS\hidusb.sys
08:29:04.0842 3636 HidUsb - ok
08:29:04.0905 3636 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc
C:\WIND
OWS\System32\kmsvc.dll
08:29:04.0967 3636 hkmsvc - ok
08:29:04.0983 3636 hpn - ok
08:29:05.0077 3636 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP
C:\WIND
OWS\system32\Drivers\HTTP.sys
08:29:05.0077 3636 HTTP - ok
08:29:05.0123 3636 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter
C:\WIND
OWS\System32\w3ssl.dll
08:29:05.0139 3636 HTTPFilter - ok
08:29:05.0186 3636 i2omgmt - ok
08:29:05.0248 3636 i2omp - ok
08:29:05.0342 3636 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt
C:\WIND
OWS\system32\DRIVERS\i8042prt.sys
08:29:05.0342 3636 i8042prt - ok
08:29:05.0436 3636 [ 6FCB904910DA07C9DC2593D66438FA29 ] ialm
C:\WIND
OWS\system32\DRIVERS\igxpmp32.sys

08:29:05.0467 3636 ialm - ok


08:29:05.0608 3636 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:29:05.0670 3636 IDriverT - ok
08:29:05.0764 3636 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc
c:\WIND
OWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:29:05.0936 3636 idsvc - ok
08:29:05.0983 3636 [ F67554DA27D5B55EFCB6C7CB4818FBFD ] IFXTPM
C:\WIND
OWS\system32\DRIVERS\IFXTPM.SYS
08:29:05.0983 3636 IFXTPM - ok
08:29:06.0061 3636 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi
C:\WIND
OWS\system32\DRIVERS\imapi.sys
08:29:06.0061 3636 Imapi - ok
08:29:06.0139 3636 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService
C:\WIND
OWS\system32\imapi.exe
08:29:06.0155 3636 ImapiService - ok
08:29:06.0248 3636 ini910u - ok
08:29:06.0436 3636 [ 6D6B57808C923A4D79CC8F47307753C9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:29:06.0452 3636 IntcAzAudAddService - ok
08:29:06.0467 3636 IntelIde - ok
08:29:06.0545 3636 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm
C:\WIND
OWS\system32\DRIVERS\intelppm.sys
08:29:06.0545 3636 intelppm - ok
08:29:06.0623 3636 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw
C:\WIND
OWS\system32\drivers\ip6fw.sys
08:29:06.0623 3636 Ip6Fw - ok
08:29:06.0686 3636 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:29:06.0686 3636 IpFilterDriver - ok
08:29:06.0764 3636 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp
C:\WIND
OWS\system32\DRIVERS\ipinip.sys
08:29:06.0764 3636 IpInIp - ok
08:29:06.0827 3636 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat
C:\WIND
OWS\system32\DRIVERS\ipnat.sys
08:29:06.0827 3636 IpNat - ok
08:29:06.0889 3636 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec
C:\WIND
OWS\system32\DRIVERS\ipsec.sys
08:29:06.0889 3636 IPSec - ok
08:29:06.0967 3636 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM
C:\WIND
OWS\system32\DRIVERS\irenum.sys
08:29:06.0967 3636 IRENUM - ok
08:29:07.0108 3636 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp
C:\WIND
OWS\system32\DRIVERS\isapnp.sys
08:29:07.0108 3636 isapnp - ok
08:29:07.0233 3636 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService
C:\Program Files\Java\jre7\bin\jqs.exe
08:29:07.0233 3636 JavaQuickStarterService - ok
08:29:07.0264 3636 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass
C:\WIND
OWS\system32\DRIVERS\kbdclass.sys
08:29:07.0264 3636 Kbdclass - ok
08:29:07.0311 3636 [ 692BCF44383D056AED41B045A323D378 ] kmixer
C:\WIND
OWS\system32\drivers\kmixer.sys
08:29:07.0327 3636 kmixer - ok
08:29:07.0405 3636 [ B467646C54CC746128904E1654C750C1 ] KSecDD
C:\WIND
OWS\system32\drivers\KSecDD.sys
08:29:07.0405 3636 KSecDD - ok
08:29:07.0467 3636 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver
C:\WIND
OWS\System32\srvsvc.dll

08:29:07.0467 3636 lanmanserver - ok


08:29:07.0530 3636 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:29:07.0530 3636 lanmanworkstation - ok
08:29:07.0577 3636 lbrtfdc - ok
08:29:07.0733 3636 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
08:29:07.0733 3636 LightScribeService - ok
08:29:07.0842 3636 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:29:07.0858 3636 LmHosts - ok
08:29:07.0905 3636 mchInjDrv - ok
08:29:08.0030 3636 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
08:29:08.0030 3636 MDM - ok
08:29:08.0077 3636 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:29:08.0092 3636 Messenger - ok
08:29:08.0139 3636 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:29:08.0139 3636 mnmdd - ok
08:29:08.0186 3636 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:29:08.0248 3636 mnmsrvc - ok
08:29:08.0327 3636 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:29:08.0327 3636 Modem - ok
08:29:08.0373 3636 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:29:08.0373 3636 Mouclass - ok
08:29:08.0483 3636 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:29:08.0483 3636 mouhid - ok
08:29:08.0561 3636 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:29:08.0561 3636 MountMgr - ok
08:29:08.0623 3636 [ 356842AAC621AB40F18992C01A590F71 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:29:08.0623 3636 MpFilter - ok
08:29:08.0670 3636 mraid35x - ok
08:29:08.0733 3636 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:29:08.0748 3636 MRxDAV - ok
08:29:08.0827 3636 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:29:08.0827 3636 MRxSmb - ok
08:29:08.0905 3636 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:29:08.0920 3636 MSDTC - ok
08:29:08.0998 3636 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:29:08.0998 3636 Msfs - ok
08:29:09.0030 3636 MSIServer - ok
08:29:09.0108 3636 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:29:09.0108 3636 MSKSSRV - ok
08:29:09.0170 3636 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:29:09.0170 3636 MSPCLOCK - ok
08:29:09.0217 3636 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:29:09.0217 3636 MSPQM - ok
08:29:09.0311 3636 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:29:09.0311 3636 mssmbios - ok
08:29:09.0389 3636 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:29:09.0389 3636 Mup - ok
08:29:09.0436 3636 [ 1E59AAED42A5E3A5ED86EC403F9C0776 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
08:29:09.0436 3636 NAL - ok
08:29:09.0514 3636 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:29:09.0577 3636 napagent - ok
08:29:09.0608 3636 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:29:09.0608 3636 NDIS - ok
08:29:09.0717 3636 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:29:09.0717 3636 NdisTapi - ok
08:29:09.0748 3636 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:29:09.0748 3636 Ndisuio - ok
08:29:09.0795 3636 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:29:09.0795 3636 NdisWan - ok
08:29:09.0873 3636 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:29:09.0873 3636 NDProxy - ok
08:29:09.0936 3636 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:29:09.0936 3636 NetBIOS - ok
08:29:09.0983 3636 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:29:09.0983 3636 NetBT - ok
08:29:10.0092 3636 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:29:10.0155 3636 NetDDE - ok
08:29:10.0186 3636 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:29:10.0186 3636 NetDDEdsdm - ok
08:29:10.0264 3636 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:29:10.0264 3636 Netlogon - ok
08:29:10.0342 3636 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:29:10.0342 3636 Netman - ok
08:29:10.0436 3636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:29:10.0483 3636 NetTcpPortSharing - ok
08:29:10.0514 3636 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:29:10.0530 3636 Nla - ok
08:29:10.0639 3636 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:29:10.0639 3636 Npfs - ok
08:29:10.0686 3636 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:29:10.0686 3636 Ntfs - ok
08:29:10.0748 3636 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
08:29:10.0748 3636 NtLmSsp - ok
08:29:10.0858 3636 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc
C:\WIND
OWS\system32\ntmssvc.dll
08:29:10.0905 3636 NtmsSvc - ok
08:29:10.0936 3636 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null
C:\WIND
OWS\system32\drivers\Null.sys
08:29:10.0936 3636 Null - ok
08:29:11.0030 3636 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt
C:\WIND
OWS\system32\DRIVERS\nwlnkflt.sys
08:29:11.0030 3636 NwlnkFlt - ok
08:29:11.0061 3636 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd
C:\WIND
OWS\system32\DRIVERS\nwlnkfwd.sys
08:29:11.0061 3636 NwlnkFwd - ok
08:29:11.0217 3636 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv
C:\Prog
ram Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:29:11.0327 3636 odserv - ok
08:29:11.0358 3636 [ 5A432A042DAE460ABE7199B758E8606C ] ose
C:\Prog
ram Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:29:11.0452 3636 ose - ok
08:29:11.0514 3636 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport
C:\WIND
OWS\system32\DRIVERS\parport.sys
08:29:11.0514 3636 Parport - ok
08:29:11.0561 3636 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr
C:\WIND
OWS\system32\drivers\PartMgr.sys
08:29:11.0561 3636 PartMgr - ok
08:29:11.0655 3636 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm
C:\WIND
OWS\system32\drivers\ParVdm.sys
08:29:11.0655 3636 ParVdm - ok
08:29:11.0702 3636 [ A219903CCF74233761D92BEF471A07B1 ] PCI
C:\WIND
OWS\system32\DRIVERS\pci.sys
08:29:11.0702 3636 PCI - ok
08:29:11.0764 3636 PCIDump - ok
08:29:11.0827 3636 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde
C:\WIND
OWS\system32\DRIVERS\pciide.sys
08:29:11.0827 3636 PCIIde - ok
08:29:11.0889 3636 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia
C:\WIND
OWS\system32\drivers\Pcmcia.sys
08:29:11.0889 3636 Pcmcia - ok
08:29:11.0952 3636 PDCOMP - ok
08:29:12.0014 3636 PDFRAME - ok
08:29:12.0077 3636 PDRELI - ok
08:29:12.0139 3636 PDRFRAME - ok
08:29:12.0170 3636 perc2 - ok
08:29:12.0248 3636 perc2hib - ok
08:29:12.0467 3636 [ 3C86141E8B85694A8A23BFC6DAF46E1E ] Pharos Systems ComTaskMaster C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
08:29:12.0467 3636 Pharos Systems ComTaskMaster - ok
08:29:12.0483 3636 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay
C:\WIND
OWS\system32\services.exe
08:29:12.0483 3636 PlugPlay - ok
08:29:12.0530 3636 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent
C:\WIND
OWS\system32\lsass.exe
08:29:12.0545 3636 PolicyAgent - ok
08:29:12.0624 3636 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport
C:\WIND
OWS\system32\DRIVERS\raspptp.sys
08:29:12.0624 3636 PptpMiniport - ok
08:29:12.0670 3636 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:29:12.0670 3636 ProtectedStorage - ok

08:29:12.0733 3636 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:29:12.0733 3636 PSched - ok
08:29:12.0858 3636 [ 944E5ED817CCFA3E21261AC424F8FB84 ] PSDistributionAgent C:\PROGRA~1\Pharos\Bin\DistAgnt.exe
08:29:12.0858 3636 PSDistributionAgent - ok
08:29:12.0889 3636 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:29:12.0889 3636 Ptilink - ok
08:29:12.0952 3636 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:29:12.0952 3636 PxHelp20 - ok
08:29:12.0999 3636 ql1080 - ok
08:29:13.0061 3636 Ql10wnt - ok
08:29:13.0124 3636 ql12160 - ok
08:29:13.0155 3636 ql1240 - ok
08:29:13.0217 3636 ql1280 - ok
08:29:13.0295 3636 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:29:13.0295 3636 RasAcd - ok
08:29:13.0389 3636 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:29:13.0420 3636 RasAuto - ok
08:29:13.0483 3636 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:29:13.0483 3636 Rasl2tp - ok
08:29:13.0545 3636 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:29:13.0545 3636 RasMan - ok
08:29:13.0561 3636 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:29:13.0561 3636 RasPppoe - ok
08:29:13.0624 3636 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:29:13.0624 3636 Raspti - ok
08:29:13.0686 3636 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:29:13.0686 3636 Rdbss - ok
08:29:13.0764 3636 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:29:13.0764 3636 RDPCDD - ok
08:29:13.0827 3636 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:29:13.0827 3636 rdpdr - ok
08:29:13.0967 3636 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:29:13.0967 3636 RDPWD - ok
08:29:13.0999 3636 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:29:14.0108 3636 RDSessMgr - ok
08:29:14.0170 3636 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:29:14.0170 3636 redbook - ok
08:29:14.0264 3636 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:29:14.0295 3636 RemoteAccess - ok
08:29:14.0358 3636 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:29:14.0358 3636 RemoteRegistry - ok
08:29:14.0561 3636 [ AD1411A7EA50F2F97A73A3F51153066E ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
08:29:14.0592 3636 RoxMediaDB9 - ok
08:29:14.0624 3636 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator
C:\WIND
OWS\system32\locator.exe
08:29:14.0670 3636 RpcLocator - ok
08:29:14.0702 3636 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs
C:\WIND
OWS\system32\rpcss.dll
08:29:14.0702 3636 RpcSs - ok
08:29:14.0811 3636 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP
C:\WIND
OWS\system32\rsvp.exe
08:29:14.0858 3636 RSVP - ok
08:29:14.0889 3636 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs
C:\WIND
OWS\system32\lsass.exe
08:29:14.0889 3636 SamSs - ok
08:29:14.0952 3636 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr
C:\WIND
OWS\System32\SCardSvr.exe
08:29:14.0999 3636 SCardSvr - ok
08:29:15.0030 3636 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule
C:\WIND
OWS\system32\schedsvc.dll
08:29:15.0077 3636 Schedule - ok
08:29:15.0170 3636 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv
C:\WIND
OWS\system32\DRIVERS\secdrv.sys
08:29:15.0170 3636 Secdrv - ok
08:29:15.0217 3636 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon
C:\WIND
OWS\System32\seclogon.dll
08:29:15.0217 3636 seclogon - ok
08:29:15.0280 3636 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS
C:\WIND
OWS\system32\sens.dll
08:29:15.0280 3636 SENS - ok
08:29:15.0374 3636 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum
C:\WIND
OWS\system32\DRIVERS\serenum.sys
08:29:15.0374 3636 serenum - ok
08:29:15.0405 3636 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial
C:\WIND
OWS\system32\DRIVERS\serial.sys
08:29:15.0405 3636 Serial - ok
08:29:15.0655 3636 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy
C:\WIND
OWS\system32\drivers\Sfloppy.sys
08:29:15.0655 3636 Sfloppy - ok
08:29:15.0733 3636 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess
C:\WIND
OWS\System32\ipnathlp.dll
08:29:15.0733 3636 SharedAccess - ok
08:29:15.0780 3636 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:29:15.0780 3636 ShellHWDetection - ok
08:29:15.0827 3636 Simbad - ok
08:29:15.0983 3636 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP
C:\WIND
OWS\System32\snmp.exe
08:29:15.0983 3636 SNMP - ok
08:29:16.0061 3636 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP
C:\WIND
OWS\System32\snmptrap.exe
08:29:16.0170 3636 SNMPTRAP - ok
08:29:16.0170 3636 Sparrow - ok
08:29:16.0295 3636 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter
C:\WIND
OWS\system32\drivers\splitter.sys
08:29:16.0295 3636 splitter - ok
08:29:16.0358 3636 [ 60784F891563FB1B767F70117FC2428F ] Spooler
C:\WIND
OWS\system32\spoolsv.exe
08:29:16.0358 3636 Spooler - ok
08:29:16.0405 3636 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr
C:\WIND
OWS\system32\DRIVERS\sr.sys

08:29:16.0405 3636 sr - ok
08:29:16.0499 3636 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:29:16.0499 3636 srservice - ok
08:29:16.0545 3636 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:29:16.0545 3636 Srv - ok
08:29:16.0624 3636 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:29:16.0655 3636 SSDPSRV - ok
08:29:16.0702 3636 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:29:16.0702 3636 stisvc - ok
08:29:16.0795 3636 [ B254B1434208F280EDF3785613DCC41B ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
08:29:16.0858 3636 stllssvr - ok
08:29:16.0905 3636 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:29:16.0905 3636 swenum - ok
08:29:16.0983 3636 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:29:16.0983 3636 swmidi - ok
08:29:17.0014 3636 SwPrv - ok
08:29:17.0124 3636 symc810 - ok
08:29:17.0186 3636 symc8xx - ok
08:29:17.0249 3636 sym_hi - ok
08:29:17.0311 3636 sym_u3 - ok
08:29:17.0374 3636 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:29:17.0374 3636 sysaudio - ok
08:29:17.0452 3636 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:29:17.0499 3636 SysmonLog - ok
08:29:17.0561 3636 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:29:17.0577 3636 TapiSrv - ok
08:29:17.0639 3636 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:29:17.0639 3636 Tcpip - ok
08:29:17.0702 3636 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:29:17.0702 3636 TDPIPE - ok
08:29:17.0780 3636 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:29:17.0780 3636 TDTCP - ok
08:29:17.0842 3636 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:29:17.0842 3636 TermDD - ok
08:29:17.0920 3636 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:29:17.0920 3636 TermService - ok
08:29:17.0952 3636 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:29:17.0952 3636 Themes - ok
08:29:18.0061 3636 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:29:18.0092 3636 TlntSvr - ok
08:29:18.0108 3636 TosIde - ok
08:29:18.0217 3636 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:29:18.0233 3636 TrkWks - ok


08:29:18.0327 3636 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:29:18.0327 3636 Udfs - ok
08:29:18.0358 3636 ultra - ok
08:29:18.0452 3636 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:29:18.0452 3636 Update - ok
08:29:18.0530 3636 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:29:18.0577 3636 upnphost - ok
08:29:18.0655 3636 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:29:18.0717 3636 UPS - ok
08:29:18.0749 3636 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:29:18.0749 3636 usbehci - ok
08:29:18.0827 3636 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:29:18.0827 3636 usbhub - ok
08:29:18.0889 3636 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:29:18.0905 3636 usbscan - ok
08:29:18.0967 3636 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:29:18.0983 3636 USBSTOR - ok
08:29:19.0030 3636 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:29:19.0030 3636 usbuhci - ok
08:29:19.0092 3636 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:29:19.0092 3636 VgaSave - ok
08:29:19.0139 3636 ViaIde - ok
08:29:19.0202 3636 [ 3B8F222B23917C041E4DA29CCC57E7D0 ] vncmirror C:\WINDOWS\system32\DRIVERS\vncmirror.sys
08:29:19.0202 3636 vncmirror - ok
08:29:19.0295 3636 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:29:19.0295 3636 VolSnap - ok
08:29:19.0374 3636 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:29:19.0452 3636 VSS - ok
08:29:19.0499 3636 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:29:19.0499 3636 W32Time - ok
08:29:19.0577 3636 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:29:19.0577 3636 Wanarp - ok
08:29:19.0608 3636 WDICA - ok
08:29:19.0655 3636 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:29:19.0655 3636 wdmaud - ok
08:29:19.0733 3636 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:29:19.0733 3636 WebClient - ok
08:29:19.0905 3636 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:29:19.0905 3636 winmgmt - ok
08:29:20.0092 3636 [ 87CF6C1600962D6571FB639EABE11F4F ] WinVNC4 C:\Program Files\RealVNC\VNC4\WinVNC4.exe
08:29:20.0124 3636 WinVNC4 - ok


08:29:20.0217 3636 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN
C:\WIND
OWS\system32\MsPMSNSv.dll
08:29:20.0249 3636 WmdmPmSN - ok
08:29:20.0295 3636 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi
C:\WIND
OWS\System32\advapi32.dll
08:29:20.0295 3636 Wmi - ok
08:29:20.0389 3636 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi
C:\WIND
OWS\system32\DRIVERS\wmiacpi.sys
08:29:20.0389 3636 WmiAcpi - ok
08:29:20.0514 3636 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv
C:\WIND
OWS\system32\wbem\wmiapsrv.exe
08:29:20.0561 3636 WmiApSrv - ok
08:29:20.0670 3636 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Prog
ram Files\Windows Media Player\WMPNetwk.exe
08:29:21.0014 3636 WMPNetworkSvc - ok
08:29:21.0061 3636 [ C214DD6D6905F01FE3E0A2C334E2244E ] WNTHW
C:\WIND
OWS\system32\DRIVERS\WNTHW.SYS
08:29:21.0061 3636 WNTHW - ok
08:29:21.0186 3636 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\W
INDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:29:21.0233 3636 WPFFontCache_v0400 - ok
08:29:21.0327 3636 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc
C:\WIND
OWS\system32\wscsvc.dll
08:29:21.0327 3636 wscsvc - ok
08:29:21.0358 3636 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv
C:\WIND
OWS\system32\wuauserv.dll
08:29:21.0358 3636 wuauserv - ok
08:29:21.0436 3636 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf
C:\WIND
OWS\system32\DRIVERS\WudfPf.sys
08:29:21.0436 3636 WudfPf - ok
08:29:21.0452 3636 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd
C:\WIND
OWS\system32\DRIVERS\wudfrd.sys
08:29:21.0452 3636 WudfRd - ok
08:29:21.0561 3636 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc
C:\WIND
OWS\System32\WUDFSvc.dll
08:29:21.0592 3636 WudfSvc - ok
08:29:21.0639 3636 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC
C:\WIND
OWS\System32\wzcsvc.dll
08:29:21.0639 3636 WZCSVC - ok
08:29:21.0717 3636 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov
C:\WIND
OWS\System32\xmlprov.dll
08:29:21.0749 3636 xmlprov - ok
08:29:21.0764 3636 ================ Scan global ===============================
08:29:21.0827 3636 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\bas
esrv.dll
08:29:21.0874 3636 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\win
srv.dll
08:29:21.0889 3636 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\win
srv.dll
08:29:21.0952 3636 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\ser
vices.exe
08:29:21.0952 3636 [Global] - ok
08:29:21.0967 3636 ================ Scan MBR ==================================
08:29:22.0014 3636 [ A3444A72294B41BEE2DEF3F0FFC5DD45 ] \Device\Harddisk0\DR0
08:29:22.0014 3636 Suspicious mbr (Forged): \Device\Harddisk0\DR0
08:29:22.0045 3636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.a ) - infected
08:29:22.0045 3636 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.a (0)
08:29:22.0045 3636 ================ Scan VBR ==================================
08:29:22.0061 3636 [ 2C20B93DC5799D9D98C5D4CF9AF165CE ] \Device\Harddisk0\DR0\Partition1
08:29:22.0061 3636 \Device\Harddisk0\DR0\Partition1 - ok
08:29:22.0108 3636 ============================================================
08:29:22.0108 3636 Scan finished
08:29:22.0108 3636 ============================================================
08:29:22.0233 3628 Detected object count: 1
08:29:22.0233 3628 Actual detected object count: 1
08:29:26.0046 3628 \Device\Harddisk0\DR0\# - copied to quarantine
08:29:26.0280 3628 \Device\Harddisk0\DR0 - copied to quarantine
08:29:26.0436 3628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.a ) - will be cured on reboot
08:29:26.0436 3628 \Device\Harddisk0\DR0 - ok
08:29:26.0436 3628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.a ) - User select action: Cure
08:29:31.0889 3308 Deinitialize success
