12:11:20.0125 3376 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:11:21.0718 3376 ============================================================
12:11:21.0718 3376 Current date / time: 2012/12/17 12:11:21.0718
12:11:21.0718 3376 SystemInfo:
12:11:21.0718 3376
12:11:21.0718 3376 OS Version: 5.1.2600 ServicePack: 3.0
12:11:21.0718 3376 Product type: Workstation
12:11:21.0718 3376 ComputerName: PC
12:11:21.0734 3376 UserName: Administrator
12:11:21.0734 3376 Windows directory: C:\WINDOWS
12:11:21.0734 3376 System windows directory: C:\WINDOWS
12:11:21.0734 3376 Processor architecture: Intel x86
12:11:21.0734 3376 Number of processors: 2
12:11:21.0734 3376 Page size: 0x1000
12:11:21.0734 3376 Boot type: Normal boot
12:11:21.0734 3376 ============================================================
12:11:32.0796 3376 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:11:32.0796 3376 Drive \Device\Harddisk1\DR8 - Size: 0xFD000000 (3.95 Gb), SectorSize: 0x200, Cylinders: 0x204, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:11:32.0812 3376 ============================================================
12:11:32.0812 3376 \Device\Harddisk0\DR0:
12:11:32.0812 3376 MBR partitions:
12:11:32.0812 3376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9640350
12:11:32.0828 3376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96403CE, BlocksNum 0x1869E559
12:11:32.0843 3376 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21CDE966, BlocksNum 0x186A241A
12:11:32.0843 3376 \Device\Harddisk1\DR8:
12:11:32.0843 3376 MBR partitions:
12:11:32.0843 3376 \Device\Harddisk1\DR8\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1F3FC1
12:11:32.0843 3376 ============================================================
12:11:32.0906 3376 C: <-> \Device\Harddisk0\DR0\Partition1
12:11:32.0906 3376 
============================================================
12:11:32.0921 3376 Initialize success
12:11:32.0921 3376 ============================================================
12:11:54.0906 4064 ============================================================
12:11:54.0906 4064 Scan started
12:11:54.0906 4064 Mode: Manual;
12:11:54.0906 4064 ============================================================
12:11:56.0640 4064 ================ Scan system memory ========================
12:11:56.0640 4064 System memory - ok
12:11:56.0640 4064 ================ Scan services =============================
12:12:44.0875 4064 [ 8EA0FD60A5B047E0C734D51AACE531C9 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
12:12:44.0875 4064 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys.
md5: 8EA0FD60A5B047E0C734D51AACE531C9
12:12:44.0875 4064 sptd ( LockedFile.Multi.Generic ) - warning
12:12:44.0875 4064 sptd - detected LockedFile.Multi.Generic (1)
12:12:55.0609 4064 ================ Scan global ===============================
12:12:55.0687 4064 [ 65C782F8CFC1BEBCC58E1532F44B6408 ] C:\WINDOWS\system32\basesrv.dll
12:12:55.0859 
4064 [ DE74F0C6A6B1C1F5DA0A0C340DC9ACE0 ] C:\WINDOWS\system32\winsrv.dll 12:12:56.0453 4064 [ DE74F0C6A6B1C1F5DA0A0C340DC9ACE0 ] C:\WINDOWS\system32\winsrv.dll 12:12:56.0500 4064 [ 8816E60BF654353E8E0D35ED98875445 ] C:\WINDOWS\system32\services.exe 12:12:56.0500 4064 [Global] - ok 12:12:56.0500 4064 ================ Scan MBR ================================== 12:12:56.0531 4064 [ 4BBBBFC7B08DBD0D058716CD6BB16ACD ] \Device\Harddisk0\DR0 12:12:56.0609 4064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected 12:12:56.0609 4064 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0) 12:12:56.0625 4064 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR8 12:13:05.0187 4064 \Device\Harddisk1\DR8 - ok 12:13:05.0187 4064 ================ Scan VBR ================================== 12:13:05.0218 4064 [ 9A4E4E03054075223CC9B287EF3032FA ] \Device\Harddisk0\DR0\Partition1 12:13:05.0250 4064 \Device\Harddisk0\DR0\Partition1 - ok 12:13:05.0265 4064 [ B4CB57EB8D3EC93072D4C46BFCA440A1 ] \Device\Harddisk0\DR0\Partition2 12:13:05.0265 4064 \Device\Harddisk0\DR0\Partition2 - ok 12:13:05.0296 4064 [ E921DF1F4A7B84FFD76730F4C03E95B4 ] \Device\Harddisk0\DR0\Partition3 12:13:05.0312 4064 \Device\Harddisk0\DR0\Partition3 - ok 12:13:05.0343 4064 [ 300FB5A5DB3E1C5C11BA3BDE257BF5C7 ] \Device\Harddisk1\DR8\Partition1 12:13:05.0343 4064 \Device\Harddisk1\DR8\Partition1 - ok 12:13:05.0343 4064 ============================================================ 12:13:05.0343 4064 Scan finished 12:13:05.0343 4064 ============================================================ 12:13:05.0375 4016 Detected object count: 2 12:13:05.0375 4016 Actual detected object count: 2 12:13:31.0828 4016 sptd ( LockedFile.Multi.Generic ) - skipped by user 12:13:31.0828 4016 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 12:13:31.0828 4016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user 12:13:31.0828 4016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select 
action: Skip