Need Help Removing Google Redirect Virus Win7 64 bit [Solved]


  • This topic is locked

#16
Essexboy

The log will be located at C:\TDSSKiller date time

Yes, proceed with Combofix.

#17
hellooomcfly

TDSSKiller Log:

09:56:44.0001 3596 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:56:44.0508 3596 ============================================================
09:56:44.0508 3596 Current date / time: 2012/10/28 09:56:44.0508
09:56:44.0508 3596 SystemInfo:
09:56:44.0508 3596
09:56:44.0508 3596 OS Version: 6.1.7601 ServicePack: 1.0
09:56:44.0508 3596 Product type: Workstation
09:56:44.0508 3596 ComputerName: USER-PC
09:56:44.0509 3596 UserName: User
09:56:44.0509 3596 Windows directory: C:\Windows
09:56:44.0509 3596 System windows directory: C:\Windows
09:56:44.0509 3596 Running under WOW64
09:56:44.0509 3596 Processor architecture: Intel x64
09:56:44.0509 3596 Number of processors: 2
09:56:44.0509 3596 Page size: 0x1000
09:56:44.0509 3596 Boot type: Normal boot
09:56:44.0509 3596 ============================================================
09:56:44.0879 3596 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:56:44.0917 3596 ============================================================
09:56:44.0917 3596 \Device\Harddisk0\DR0:
09:56:44.0917 3596 MBR partitions:
09:56:44.0917 3596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
09:56:44.0917 3596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465000
09:56:44.0917 3596 ============================================================
09:56:44.0933 3596 C: <-> \Device\Harddisk0\DR0\Partition2
09:56:44.0933 3596 ============================================================
09:56:44.0933 3596 Initialize success
09:56:44.0933 3596 ============================================================
09:56:57.0821 3368 ============================================================
09:56:57.0821 3368 Scan started
09:56:57.0821 3368 Mode: Manual; SigCheck; TDLFS;
09:56:57.0821 3368 ============================================================
09:56:57.0950 3368 ================ Scan system memory ========================
09:56:57.0950 3368 System memory - ok
09:56:57.0950 3368 ================ Scan services =============================
09:56:58.0039 3368 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:56:58.0102 3368 !SASCORE - ok
09:56:58.0278 3368 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:56:58.0300 3368 1394ohci - ok
09:56:58.0363 3368 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:56:58.0382 3368 ACPI - ok
09:56:58.0428 3368 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:56:58.0447 3368 AcpiPmi - ok
09:56:58.0501 3368 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:56:58.0523 3368 adp94xx - ok
09:56:58.0565 3368 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:56:58.0585 3368 adpahci - ok
09:56:58.0609 3368 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:56:58.0626 3368 adpu320 - ok
09:56:58.0662 3368 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:56:58.0701 3368 AeLookupSvc - ok
09:56:58.0796 3368 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:56:58.0817 3368 AFD - ok
09:56:58.0914 3368 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:56:58.0930 3368 agp440 - ok
09:56:58.0944 3368 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:56:58.0961 3368 ALG - ok
09:56:58.0969 3368 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:56:58.0984 3368 aliide - ok
09:56:59.0002 3368 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:56:59.0016 3368 amdide - ok
09:56:59.0028 3368 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:56:59.0045 3368 AmdK8 - ok
09:56:59.0063 3368 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:56:59.0080 3368 AmdPPM - ok
09:56:59.0135 3368 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:56:59.0152 3368 amdsata - ok
09:56:59.0176 3368 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:56:59.0195 3368 amdsbs - ok
09:56:59.0211 3368 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:56:59.0227 3368 amdxata - ok
09:56:59.0273 3368 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:56:59.0312 3368 AppID - ok
09:56:59.0333 3368 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:56:59.0371 3368 AppIDSvc - ok
09:56:59.0419 3368 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:56:59.0458 3368 Appinfo - ok
09:56:59.0553 3368 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:56:59.0567 3368 Apple Mobile Device - ok
09:56:59.0608 3368 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
09:56:59.0625 3368 AppMgmt - ok
09:56:59.0656 3368 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
09:56:59.0672 3368 arc - ok
09:56:59.0691 3368 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:56:59.0708 3368 arcsas - ok
09:56:59.0726 3368 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:56:59.0766 3368 AsyncMac - ok
09:56:59.0807 3368 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:56:59.0822 3368 atapi - ok
09:56:59.0894 3368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:56:59.0940 3368 AudioEndpointBuilder - ok
09:56:59.0972 3368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:57:00.0016 3368 AudioSrv - ok
09:57:00.0123 3368 [ AEFC1353D0FB4E92A23CFB7E3372356D ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
09:57:00.0143 3368 AVP - ok
09:57:00.0206 3368 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:57:00.0230 3368 AxInstSV - ok
09:57:00.0268 3368 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:57:00.0303 3368 b06bdrv - ok
09:57:00.0338 3368 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:57:00.0360 3368 b57nd60a - ok
09:57:00.0478 3368 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
09:57:00.0586 3368 BCM43XX - ok
09:57:00.0617 3368 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:57:00.0635 3368 BDESVC - ok
09:57:00.0643 3368 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:57:00.0682 3368 Beep - ok
09:57:00.0759 3368 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:57:00.0817 3368 BFE - ok
09:57:00.0848 3368 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
09:57:00.0912 3368 BITS - ok
09:57:00.0940 3368 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:57:00.0957 3368 blbdrive - ok
09:57:01.0029 3368 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:57:01.0047 3368 Bonjour Service - ok
09:57:01.0104 3368 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:57:01.0120 3368 bowser - ok
09:57:01.0146 3368 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:57:01.0165 3368 BrFiltLo - ok
09:57:01.0179 3368 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:57:01.0198 3368 BrFiltUp - ok
09:57:01.0238 3368 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:57:01.0255 3368 Browser - ok
09:57:01.0278 3368 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:57:01.0300 3368 Brserid - ok
09:57:01.0311 3368 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:57:01.0332 3368 BrSerWdm - ok
09:57:01.0351 3368 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:57:01.0370 3368 BrUsbMdm - ok
09:57:01.0386 3368 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:57:01.0403 3368 BrUsbSer - ok
09:57:01.0422 3368 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:57:01.0443 3368 BTHMODEM - ok
09:57:01.0482 3368 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:57:01.0523 3368 bthserv - ok
09:57:01.0541 3368 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:57:01.0582 3368 cdfs - ok
09:57:01.0629 3368 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:57:01.0648 3368 cdrom - ok
09:57:01.0707 3368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:57:01.0746 3368 CertPropSvc - ok
09:57:01.0765 3368 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:57:01.0786 3368 circlass - ok
09:57:01.0803 3368 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:57:01.0826 3368 CLFS - ok
09:57:01.0886 3368 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:57:01.0899 3368 clr_optimization_v2.0.50727_32 - ok
09:57:01.0961 3368 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:57:01.0974 3368 clr_optimization_v2.0.50727_64 - ok
09:57:02.0088 3368 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:57:02.0103 3368 clr_optimization_v4.0.30319_32 - ok
09:57:02.0131 3368 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:57:02.0145 3368 clr_optimization_v4.0.30319_64 - ok
09:57:02.0162 3368 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:57:02.0179 3368 CmBatt - ok
09:57:02.0198 3368 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:57:02.0214 3368 cmdide - ok
09:57:02.0271 3368 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:57:02.0302 3368 CNG - ok
09:57:02.0351 3368 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:57:02.0367 3368 Compbatt - ok
09:57:02.0431 3368 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:57:02.0450 3368 CompositeBus - ok
09:57:02.0466 3368 COMSysApp - ok
09:57:02.0480 3368 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:57:02.0495 3368 crcdisk - ok
09:57:02.0539 3368 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:57:02.0556 3368 CryptSvc - ok
09:57:02.0606 3368 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
09:57:02.0627 3368 CSC - ok
09:57:02.0686 3368 [ AB1201F8DE199E764DA9A32ABF71049C ] CSCrySec C:\Windows\system32\DRIVERS\CSCrySec.sys
09:57:02.0700 3368 CSCrySec - ok
09:57:02.0775 3368 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
09:57:02.0810 3368 CscService - ok
09:57:02.0910 3368 [ 6E5B42219F1FE4A3D087D9D501E343D5 ] CSObjectsSrv C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
09:57:02.0947 3368 CSObjectsSrv - ok
09:57:02.0979 3368 [ A6EED705BB510FA6B0F9F097165A3395 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
09:57:02.0992 3368 CSVirtualDiskDrv - ok
09:57:03.0064 3368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:57:03.0108 3368 DcomLaunch - ok
09:57:03.0145 3368 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:57:03.0189 3368 defragsvc - ok
09:57:03.0245 3368 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:57:03.0284 3368 DfsC - ok
09:57:03.0342 3368 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:57:03.0385 3368 Dhcp - ok
09:57:03.0412 3368 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:57:03.0452 3368 discache - ok
09:57:03.0486 3368 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:57:03.0502 3368 Disk - ok
09:57:03.0555 3368 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:57:03.0573 3368 Dnscache - ok
09:57:03.0617 3368 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:57:03.0656 3368 dot3svc - ok
09:57:03.0703 3368 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:57:03.0744 3368 DPS - ok
09:57:03.0772 3368 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:57:03.0791 3368 drmkaud - ok
09:57:03.0854 3368 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:57:03.0883 3368 DXGKrnl - ok
09:57:03.0914 3368 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:57:03.0955 3368 EapHost - ok
09:57:04.0055 3368 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:57:04.0170 3368 ebdrv - ok
09:57:04.0214 3368 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:57:04.0232 3368 EFS - ok
09:57:04.0279 3368 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:57:04.0315 3368 ehRecvr - ok
09:57:04.0352 3368 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:57:04.0371 3368 ehSched - ok
09:57:04.0436 3368 [ 702D5606CF2199E0EDEA6F0E0D27CD10 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
09:57:04.0449 3368 ElbyCDIO - ok
09:57:04.0498 3368 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:57:04.0533 3368 elxstor - ok
09:57:04.0546 3368 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:57:04.0563 3368 ErrDev - ok
09:57:04.0604 3368 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:57:04.0650 3368 EventSystem - ok
09:57:04.0662 3368 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:57:04.0705 3368 exfat - ok
09:57:04.0716 3368 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:57:04.0759 3368 fastfat - ok
09:57:04.0824 3368 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:57:04.0860 3368 Fax - ok
09:57:04.0880 3368 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:57:04.0897 3368 fdc - ok
09:57:04.0923 3368 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:57:04.0963 3368 fdPHost - ok
09:57:04.0976 3368 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:57:05.0018 3368 FDResPub - ok
09:57:05.0033 3368 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:57:05.0049 3368 FileInfo - ok
09:57:05.0067 3368 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:57:05.0107 3368 Filetrace - ok
09:57:05.0120 3368 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:57:05.0137 3368 flpydisk - ok
09:57:05.0179 3368 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:57:05.0197 3368 FltMgr - ok
09:57:05.0242 3368 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:57:05.0308 3368 FontCache - ok
09:57:05.0376 3368 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:57:05.0389 3368 FontCache3.0.0.0 - ok
09:57:05.0410 3368 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:57:05.0426 3368 FsDepends - ok
09:57:05.0465 3368 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:57:05.0481 3368 Fs_Rec - ok
09:57:05.0538 3368 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:57:05.0561 3368 fvevol - ok
09:57:05.0586 3368 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:57:05.0604 3368 gagp30kx - ok
09:57:05.0628 3368 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:57:05.0640 3368 GEARAspiWDM - ok
09:57:05.0688 3368 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:57:05.0749 3368 gpsvc - ok
09:57:05.0765 3368 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:57:05.0782 3368 hcw85cir - ok
09:57:05.0842 3368 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:57:05.0868 3368 HdAudAddService - ok
09:57:05.0895 3368 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:57:05.0916 3368 HDAudBus - ok
09:57:05.0960 3368 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:57:05.0977 3368 HidBatt - ok
09:57:05.0996 3368 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:57:06.0020 3368 HidBth - ok
09:57:06.0034 3368 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:57:06.0054 3368 HidIr - ok
09:57:06.0082 3368 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:57:06.0123 3368 hidserv - ok
09:57:06.0179 3368 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:57:06.0196 3368 HidUsb - ok
09:57:06.0239 3368 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:57:06.0278 3368 hkmsvc - ok
09:57:06.0328 3368 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:57:06.0356 3368 HomeGroupListener - ok
09:57:06.0404 3368 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:57:06.0424 3368 HomeGroupProvider - ok
09:57:06.0490 3368 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:57:06.0507 3368 HpSAMD - ok
09:57:06.0585 3368 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:57:06.0632 3368 HTTP - ok
09:57:06.0669 3368 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:57:06.0683 3368 hwpolicy - ok
09:57:06.0748 3368 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:57:06.0766 3368 i8042prt - ok
09:57:06.0822 3368 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:57:06.0842 3368 iaStor - ok
09:57:06.0893 3368 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:57:06.0916 3368 iaStorV - ok
09:57:06.0991 3368 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:57:07.0035 3368 idsvc - ok
09:57:07.0308 3368 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:57:07.0443 3368 igfx - ok
09:57:07.0515 3368 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:57:07.0532 3368 iirsp - ok
09:57:07.0593 3368 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:57:07.0654 3368 IKEEXT - ok
09:57:07.0698 3368 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:57:07.0713 3368 intelide - ok
09:57:07.0752 3368 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:57:07.0769 3368 intelppm - ok
09:57:07.0800 3368 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:57:07.0842 3368 IPBusEnum - ok
09:57:07.0885 3368 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:57:07.0924 3368 IpFilterDriver - ok
09:57:07.0991 3368 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:57:08.0039 3368 iphlpsvc - ok
09:57:08.0090 3368 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:57:08.0108 3368 IPMIDRV - ok
09:57:08.0132 3368 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:57:08.0173 3368 IPNAT - ok
09:57:08.0256 3368 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:57:08.0281 3368 iPod Service - ok
09:57:08.0312 3368 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:57:08.0333 3368 IRENUM - ok
09:57:08.0349 3368 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:57:08.0365 3368 isapnp - ok
09:57:08.0418 3368 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:57:08.0438 3368 iScsiPrt - ok
09:57:08.0470 3368 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:57:08.0486 3368 kbdclass - ok
09:57:08.0541 3368 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:57:08.0558 3368 kbdhid - ok
09:57:08.0572 3368 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:57:08.0588 3368 KeyIso - ok
09:57:08.0653 3368 [ 73BF91EFBE1F788D0615A396A9211A4B ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
09:57:08.0676 3368 KL1 - ok
09:57:08.0696 3368 [ DC3CF56209C6A19124FEDEF1CBFAF55B ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
09:57:08.0711 3368 kl2 - ok
09:57:08.0798 3368 [ 43D02C0E6BDCD216A01ECAE213A64F67 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
09:57:08.0832 3368 KLIF - ok
09:57:08.0872 3368 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
09:57:08.0886 3368 KLIM6 - ok
09:57:08.0905 3368 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
09:57:08.0918 3368 klmouflt - ok
09:57:09.0071 3368 [ 162A5E3A691B903111526147C8D29E6D ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
09:57:09.0090 3368 Kodak AiO Network Discovery Service - ok
09:57:09.0131 3368 [ B5E53FCA219A6491E9A1BA146A5D2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
09:57:09.0146 3368 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - warning
09:57:09.0146 3368 Kodak AiO Status Monitor Service - detected UnsignedFile.Multi.Generic (1)
09:57:09.0192 3368 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:57:09.0209 3368 KSecDD - ok
09:57:09.0257 3368 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:57:09.0275 3368 KSecPkg - ok
09:57:09.0320 3368 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:57:09.0360 3368 ksthunk - ok
09:57:09.0393 3368 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:57:09.0440 3368 KtmRm - ok
09:57:09.0496 3368 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:57:09.0539 3368 LanmanServer - ok
09:57:09.0589 3368 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:57:09.0633 3368 LanmanWorkstation - ok
09:57:09.0680 3368 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:57:09.0720 3368 lltdio - ok
09:57:09.0769 3368 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:57:09.0813 3368 lltdsvc - ok
09:57:09.0830 3368 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:57:09.0871 3368 lmhosts - ok
09:57:09.0906 3368 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:57:09.0923 3368 LSI_FC - ok
09:57:09.0968 3368 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:57:09.0985 3368 LSI_SAS - ok
09:57:09.0996 3368 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:57:10.0013 3368 LSI_SAS2 - ok
09:57:10.0028 3368 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:57:10.0046 3368 LSI_SCSI - ok
09:57:10.0081 3368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:57:10.0124 3368 luafv - ok
09:57:10.0134 3368 lxcc_device - ok
09:57:10.0235 3368 [ 7FABCB154595488A9F3946F431D8D920 ] lxdkCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdkserv.exe
09:57:10.0248 3368 lxdkCATSCustConnectService - ok
09:57:10.0253 3368 lxdk_device - ok
09:57:10.0305 3368 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:57:10.0325 3368 Mcx2Svc - ok
09:57:10.0339 3368 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:57:10.0355 3368 megasas - ok
09:57:10.0368 3368 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:57:10.0390 3368 MegaSR - ok
09:57:10.0442 3368 Microsoft SharePoint Workspace Audit Service - ok
09:57:10.0467 3368 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:57:10.0507 3368 MMCSS - ok
09:57:10.0525 3368 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:57:10.0566 3368 Modem - ok
09:57:10.0595 3368 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:57:10.0615 3368 monitor - ok
09:57:10.0677 3368 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
09:57:10.0692 3368 mouclass - ok
09:57:10.0698 3368 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:57:10.0716 3368 mouhid - ok
09:57:10.0763 3368 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:57:10.0780 3368 mountmgr - ok
09:57:10.0799 3368 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:57:10.0818 3368 mpio - ok
09:57:10.0832 3368 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:57:10.0874 3368 mpsdrv - ok
09:57:10.0935 3368 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:57:10.0998 3368 MpsSvc - ok
09:57:11.0050 3368 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:57:11.0073 3368 MRxDAV - ok
09:57:11.0112 3368 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:57:11.0131 3368 mrxsmb - ok
09:57:11.0182 3368 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:57:11.0203 3368 mrxsmb10 - ok
09:57:11.0219 3368 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:57:11.0237 3368 mrxsmb20 - ok
09:57:11.0282 3368 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:57:11.0298 3368 msahci - ok
09:57:11.0337 3368 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:57:11.0355 3368 msdsm - ok
09:57:11.0413 3368 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:57:11.0434 3368 MSDTC - ok
09:57:11.0471 3368 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:57:11.0511 3368 Msfs - ok
09:57:11.0526 3368 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:57:11.0566 3368 mshidkmdf - ok
09:57:11.0621 3368 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:57:11.0637 3368 msisadrv - ok
09:57:11.0689 3368 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:57:11.0730 3368 MSiSCSI - ok
09:57:11.0736 3368 msiserver - ok
09:57:11.0768 3368 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:57:11.0809 3368 MSKSSRV - ok
09:57:11.0823 3368 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:57:11.0864 3368 MSPCLOCK - ok
09:57:11.0878 3368 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:57:11.0918 3368 MSPQM - ok
09:57:11.0978 3368 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:57:12.0000 3368 MsRPC - ok
09:57:27.0197 3368 ================ Scan global ===============================
09:57:27.0217 3368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:57:27.0270 3368 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:57:27.0290 3368 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:57:27.0325 3368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:57:27.0360 3368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:57:27.0366 3368 [Global] - ok
09:57:27.0366 3368 ================ Scan MBR ==================================
09:57:27.0382 3368 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:57:27.0592 3368 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:57:27.0592 3368 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:57:27.0593 3368 ================ Scan VBR ==================================
09:57:27.0596 3368 [ D303BA92686F7F0332982606CAC13871 ] \Device\Harddisk0\DR0\Partition1
09:57:27.0597 3368 \Device\Harddisk0\DR0\Partition1 - ok
09:57:27.0626 3368 [ 9C3824DC60183B02681E4857B4879A10 ] \Device\Harddisk0\DR0\Partition2
09:57:27.0629 3368 \Device\Harddisk0\DR0\Partition2 - ok
09:57:27.0629 3368 ============================================================
09:57:27.0629 3368 Scan finished
09:57:27.0629 3368 ============================================================
09:57:27.0641 5184 Detected object count: 2
09:57:27.0641 5184 Actual detected object count: 2
09:57:34.0154 5184 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:57:34.0154 5184 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:57:34.0154 5184 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:57:34.0155 5184 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:58:17.0237 5876 ============================================================
09:58:17.0238 5876 Scan started
09:58:17.0238 5876 Mode: Manual; SigCheck; TDLFS;
09:58:17.0238 5876 ============================================================
09:58:17.0399 5876 ================ Scan system memory ========================
09:58:17.0399 5876 System memory - ok
09:58:17.0400 5876 ================ Scan services =============================
09:58:19.0591 5876 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
09:58:19.0645 5876 BCM43XX - ok
09:58:19.0674 5876 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:58:19.0690 5876 BDESVC - ok
09:58:19.0700 5876 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:58:19.0738 5876 Beep - ok
09:58:19.0794 5876 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:58:19.0838 5876 BFE - ok
09:58:19.0872 5876 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
09:58:19.0919 5876 BITS - ok
09:58:19.0930 5876 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:58:19.0946 5876 blbdrive - ok
09:58:19.0997 5876 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:58:20.0014 5876 Bonjour Service - ok
09:58:20.0061 5876 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:58:20.0076 5876 bowser - ok
09:58:20.0092 5876 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:58:20.0110 5876 BrFiltLo - ok
09:58:20.0124 5876 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:58:20.0142 5876 BrFiltUp - ok
09:58:20.0184 5876 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:58:20.0200 5876 Browser - ok
09:58:20.0224 5876 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:58:20.0242 5876 Brserid - ok
09:58:20.0257 5876 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:58:20.0275 5876 BrSerWdm - ok
09:58:20.0296 5876 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:58:20.0314 5876 BrUsbMdm - ok
09:58:20.0332 5876 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:58:20.0347 5876 BrUsbSer - ok
09:58:20.0368 5876 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:58:20.0386 5876 BTHMODEM - ok
09:58:20.0416 5876 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:58:20.0455 5876 bthserv - ok
09:58:20.0476 5876 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:58:20.0515 5876 cdfs - ok
09:58:20.0552 5876 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:58:20.0569 5876 cdrom - ok
09:58:20.0620 5876 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:58:20.0657 5876 CertPropSvc - ok
09:58:20.0678 5876 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:58:20.0696 5876 circlass - ok
09:58:20.0715 5876 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:58:20.0735 5876 CLFS - ok
09:58:20.0787 5876 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:58:20.0801 5876 clr_optimization_v2.0.50727_32 - ok
09:58:20.0862 5876 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:58:20.0876 5876 clr_optimization_v2.0.50727_64 - ok
09:58:20.0934 5876 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:58:20.0948 5876 clr_optimization_v4.0.30319_32 - ok
09:58:20.0977 5876 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:58:20.0991 5876 clr_optimization_v4.0.30319_64 - ok
09:58:21.0007 5876 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:58:21.0023 5876 CmBatt - ok
09:58:21.0043 5876 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:58:21.0057 5876 cmdide - ok
09:58:21.0117 5876 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:58:21.0143 5876 CNG - ok
09:58:21.0164 5876 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:58:21.0178 5876 Compbatt - ok
09:58:21.0221 5876 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:58:21.0238 5876 CompositeBus - ok
09:58:21.0243 5876 COMSysApp - ok
09:58:21.0258 5876 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:58:21.0273 5876 crcdisk - ok
09:58:21.0318 5876 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:58:21.0334 5876 CryptSvc - ok
09:58:21.0396 5876 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
09:58:21.0416 5876 CSC - ok
09:58:21.0454 5876 [ AB1201F8DE199E764DA9A32ABF71049C ] CSCrySec C:\Windows\system32\DRIVERS\CSCrySec.sys
09:58:21.0466 5876 CSCrySec - ok
09:58:21.0520 5876 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
09:58:21.0542 5876 CscService - ok
09:58:21.0645 5876 [ 6E5B42219F1FE4A3D087D9D501E343D5 ] CSObjectsSrv C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
09:58:21.0667 5876 CSObjectsSrv - ok
09:58:21.0680 5876 [ A6EED705BB510FA6B0F9F097165A3395 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
09:58:21.0692 5876 CSVirtualDiskDrv - ok
09:58:21.0765 5876 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:58:21.0808 5876 DcomLaunch - ok
09:58:21.0846 5876 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:58:21.0888 5876 defragsvc - ok
09:58:21.0935 5876 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:58:21.0972 5876 DfsC - ok
09:58:22.0010 5876 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:58:22.0049 5876 Dhcp - ok
09:58:22.0080 5876 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:58:22.0118 5876 discache - ok
09:58:22.0131 5876 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:58:22.0146 5876 Disk - ok
09:58:22.0189 5876 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:58:22.0206 5876 Dnscache - ok
09:58:22.0251 5876 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:58:22.0291 5876 dot3svc - ok
09:58:22.0338 5876 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:58:22.0376 5876 DPS - ok
09:58:22.0395 5876 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:58:22.0413 5876 drmkaud - ok
09:58:22.0477 5876 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:58:22.0506 5876 DXGKrnl - ok
09:58:22.0549 5876 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:58:22.0588 5876 EapHost - ok
09:58:22.0679 5876 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:58:22.0731 5876 ebdrv - ok
09:58:22.0771 5876 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:58:22.0788 5876 EFS - ok
09:58:22.0835 5876 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:58:22.0858 5876 ehRecvr - ok
09:58:22.0898 5876 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:58:22.0914 5876 ehSched - ok
09:58:22.0959 5876 [ 702D5606CF2199E0EDEA6F0E0D27CD10 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
09:58:22.0972 5876 ElbyCDIO - ok
09:58:23.0000 5876 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:58:23.0021 5876 elxstor - ok
09:58:23.0036 5876 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:58:23.0051 5876 ErrDev - ok
09:58:23.0094 5876 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:58:23.0136 5876 EventSystem - ok
09:58:23.0153 5876 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:58:23.0193 5876 exfat - ok
09:58:23.0217 5876 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:58:23.0257 5876 fastfat - ok
09:58:23.0313 5876 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:58:23.0336 5876 Fax - ok
09:58:23.0359 5876 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:58:23.0376 5876 fdc - ok
09:58:23.0391 5876 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:58:23.0430 5876 fdPHost - ok
09:58:23.0444 5876 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:58:23.0483 5876 FDResPub - ok
09:58:23.0501 5876 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:58:23.0516 5876 FileInfo - ok
09:58:23.0524 5876 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:58:23.0562 5876 Filetrace - ok
09:58:23.0575 5876 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:58:23.0591 5876 flpydisk - ok
09:58:23.0634 5876 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:58:23.0653 5876 FltMgr - ok
09:58:23.0697 5876 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:58:23.0725 5876 FontCache - ok
09:58:23.0799 5876 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:58:23.0811 5876 FontCache3.0.0.0 - ok
09:58:23.0821 5876 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:58:23.0836 5876 FsDepends - ok
09:58:23.0877 5876 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:58:23.0891 5876 Fs_Rec - ok
09:58:23.0938 5876 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:58:23.0959 5876 fvevol - ok
09:58:23.0998 5876 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:58:24.0012 5876 gagp30kx - ok
09:58:24.0039 5876 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:58:24.0050 5876 GEARAspiWDM - ok
09:58:24.0100 5876 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:58:24.0145 5876 gpsvc - ok
09:58:24.0154 5876 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:58:24.0170 5876 hcw85cir - ok
09:58:24.0220 5876 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:58:24.0241 5876 HdAudAddService - ok
09:58:24.0273 5876 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:58:24.0292 5876 HDAudBus - ok
09:58:24.0315 5876 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:58:24.0331 5876 HidBatt - ok
09:58:24.0351 5876 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:58:24.0370 5876 HidBth - ok
09:58:24.0390 5876 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:58:24.0413 5876 HidIr - ok
09:58:24.0438 5876 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:58:24.0477 5876 hidserv - ok
09:58:24.0523 5876 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:58:24.0539 5876 HidUsb - ok
09:58:24.0583 5876 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:58:24.0622 5876 hkmsvc - ok
09:58:24.0672 5876 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:58:24.0690 5876 HomeGroupListener - ok
09:58:24.0737 5876 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:58:24.0755 5876 HomeGroupProvider - ok
09:58:24.0803 5876 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:58:24.0818 5876 HpSAMD - ok
09:58:24.0876 5876 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:58:24.0921 5876 HTTP - ok
09:58:24.0960 5876 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:58:24.0974 5876 hwpolicy - ok
09:58:25.0016 5876 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:58:25.0033 5876 i8042prt - ok
09:58:25.0091 5876 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:58:25.0111 5876 iaStor - ok
09:58:25.0162 5876 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:58:25.0182 5876 iaStorV - ok
09:58:25.0227 5876 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:58:25.0251 5876 idsvc - ok
09:58:25.0509 5876 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:58:25.0642 5876 igfx - ok
09:58:25.0717 5876 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:58:25.0731 5876 iirsp - ok
09:58:25.0783 5876 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:58:25.0830 5876 IKEEXT - ok
09:58:25.0866 5876 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:58:25.0881 5876 intelide - ok
09:58:25.0898 5876 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:58:25.0915 5876 intelppm - ok
09:58:25.0946 5876 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:58:25.0986 5876 IPBusEnum - ok
09:58:26.0031 5876 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:58:26.0069 5876 IpFilterDriver - ok
09:58:26.0126 5876 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:58:26.0169 5876 iphlpsvc - ok
09:58:26.0214 5876 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:58:26.0230 5876 IPMIDRV - ok
09:58:26.0245 5876 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:58:26.0285 5876 IPNAT - ok
09:58:26.0324 5876 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:58:26.0350 5876 iPod Service - ok
09:58:26.0358 5876 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:58:26.0379 5876 IRENUM - ok
09:58:26.0395 5876 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:58:26.0409 5876 isapnp - ok
09:58:26.0464 5876 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:58:26.0482 5876 iScsiPrt - ok
09:58:26.0526 5876 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:58:26.0541 5876 kbdclass - ok
09:58:26.0575 5876 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:58:26.0592 5876 kbdhid - ok
09:58:26.0617 5876 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:58:26.0633 5876 KeyIso - ok
09:58:26.0687 5876 [ 73BF91EFBE1F788D0615A396A9211A4B ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
09:58:26.0706 5876 KL1 - ok
09:58:26.0719 5876 [ DC3CF56209C6A19124FEDEF1CBFAF55B ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
09:58:26.0734 5876 kl2 - ok
09:58:26.0787 5876 [ 43D02C0E6BDCD216A01ECAE213A64F67 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
09:58:26.0809 5876 KLIF - ok
09:58:26.0851 5876 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
09:58:26.0863 5876 KLIM6 - ok
09:58:26.0884 5876 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
09:58:26.0895 5876 klmouflt - ok
09:58:27.0017 5876 [ 162A5E3A691B903111526147C8D29E6D ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
09:58:27.0034 5876 Kodak AiO Network Discovery Service - ok
09:58:27.0076 5876 [ B5E53FCA219A6491E9A1BA146A5D2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
09:58:27.0090 5876 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - warning
09:58:27.0091 5876 Kodak AiO Status Monitor Service - detected UnsignedFile.Multi.Generic (1)
09:58:34.0236 5876 RDPWD - ok
09:58:34.0281 5876 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:58:34.0298 5876 rdyboost - ok
09:58:34.0329 5876 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:58:34.0368 5876 RemoteAccess - ok
09:58:34.0398 5876 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:58:34.0439 5876 RemoteRegistry - ok
09:58:34.0453 5876 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:58:34.0493 5876 RpcEptMapper - ok
09:58:34.0516 5876 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:58:34.0533 5876 RpcLocator - ok
09:58:34.0582 5876 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:58:34.0625 5876 RpcSs - ok
09:58:34.0659 5876 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:58:34.0698 5876 rspndr - ok
09:58:34.0739 5876 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:58:34.0754 5876 s3cap - ok
09:58:34.0766 5876 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:58:34.0783 5876 SamSs - ok
09:58:34.0832 5876 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:58:34.0843 5876 SASDIFSV - ok
09:58:34.0856 5876 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:58:34.0868 5876 SASKUTIL - ok
09:58:34.0913 5876 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:58:34.0929 5876 sbp2port - ok
09:58:34.0964 5876 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:58:35.0005 5876 SCardSvr - ok
09:58:35.0056 5876 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:58:35.0093 5876 scfilter - ok
09:58:35.0156 5876 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:58:35.0206 5876 Schedule - ok
09:58:35.0250 5876 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:58:35.0287 5876 SCPolicySvc - ok
09:58:35.0327 5876 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:58:35.0345 5876 SDRSVC - ok
09:58:35.0376 5876 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:58:35.0415 5876 secdrv - ok
09:58:35.0449 5876 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:58:35.0486 5876 seclogon - ok
09:58:35.0506 5876 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:58:35.0547 5876 SENS - ok
09:58:35.0565 5876 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:58:35.0582 5876 SensrSvc - ok
09:58:35.0590 5876 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:58:35.0607 5876 Serenum - ok
09:58:35.0620 5876 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:58:35.0637 5876 Serial - ok
09:58:35.0674 5876 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:58:35.0690 5876 sermouse - ok
09:58:35.0748 5876 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:58:35.0788 5876 SessionEnv - ok
09:58:35.0833 5876 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:58:35.0851 5876 sffdisk - ok
09:58:35.0856 5876 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:58:35.0875 5876 sffp_mmc - ok
09:58:35.0881 5876 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:58:35.0900 5876 sffp_sd - ok
09:58:35.0911 5876 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:58:35.0927 5876 sfloppy - ok
09:58:35.0959 5876 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:58:36.0001 5876 SharedAccess - ok
09:58:36.0034 5876 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:58:36.0076 5876 ShellHWDetection - ok
09:58:36.0088 5876 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:58:36.0103 5876 SiSRaid2 - ok
09:58:36.0117 5876 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:58:36.0132 5876 SiSRaid4 - ok
09:58:36.0168 5876 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:58:36.0181 5876 SkypeUpdate - ok
09:58:36.0198 5876 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:58:36.0236 5876 Smb - ok
09:58:36.0277 5876 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:58:36.0295 5876 SNMPTRAP - ok
09:58:36.0302 5876 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:58:36.0316 5876 spldr - ok
09:58:36.0370 5876 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:58:36.0394 5876 Spooler - ok
09:58:36.0518 5876 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:58:36.0595 5876 sppsvc - ok
09:58:36.0608 5876 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:58:36.0649 5876 sppuinotify - ok
09:58:36.0705 5876 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:58:36.0724 5876 srv - ok
09:58:36.0781 5876 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:58:36.0799 5876 srv2 - ok
09:58:36.0816 5876 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:58:36.0832 5876 srvnet - ok
09:58:36.0848 5876 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:58:36.0889 5876 SSDPSRV - ok
09:58:36.0905 5876 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:58:36.0947 5876 SstpSvc - ok
09:58:36.0976 5876 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:58:36.0991 5876 stexstor - ok
09:58:37.0040 5876 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:58:37.0068 5876 stisvc - ok
09:58:37.0110 5876 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:58:37.0125 5876 storflt - ok
09:58:37.0139 5876 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:58:37.0154 5876 storvsc - ok
09:58:37.0208 5876 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:58:37.0222 5876 swenum - ok
09:58:37.0251 5876 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:58:37.0297 5876 swprv - ok
09:58:37.0302 5876 Synth3dVsc - ok
09:58:37.0387 5876 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:58:37.0428 5876 SysMain - ok
09:58:37.0467 5876 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:58:37.0490 5876 TabletInputService - ok
09:58:37.0536 5876 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:58:37.0577 5876 TapiSrv - ok
09:58:37.0603 5876 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:58:37.0643 5876 TBS - ok
09:58:37.0721 5876 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:58:37.0764 5876 Tcpip - ok
09:58:37.0821 5876 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:58:37.0875 5876 TCPIP6 - ok
09:58:37.0920 5876 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:58:37.0957 5876 tcpipreg - ok
09:58:38.0010 5876 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:58:38.0026 5876 TDPIPE - ok
09:58:38.0061 5876 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:58:38.0076 5876 TDTCP - ok
09:58:38.0122 5876 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:58:38.0161 5876 tdx - ok
09:58:38.0204 5876 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:58:38.0219 5876 TermDD - ok
09:58:38.0274 5876 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:58:38.0320 5876 TermService - ok
09:58:38.0349 5876 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:58:38.0371 5876 Themes - ok
09:58:38.0385 5876 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:58:38.0426 5876 THREADORDER - ok
09:58:38.0444 5876 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:58:38.0485 5876 TrkWks - ok
09:58:38.0551 5876 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:58:38.0589 5876 TrustedInstaller - ok
09:58:38.0640 5876 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:58:38.0681 5876 tssecsrv - ok
09:58:38.0724 5876 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:58:38.0739 5876 TsUsbFlt - ok
09:58:38.0744 5876 tsusbhub - ok
09:58:38.0790 5876 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:58:38.0828 5876 tunnel - ok
09:58:38.0864 5876 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:58:38.0880 5876 uagp35 - ok
09:58:38.0931 5876 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:58:38.0971 5876 udfs - ok
09:58:39.0006 5876 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:58:39.0024 5876 UI0Detect - ok
09:58:39.0038 5876 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:58:39.0053 5876 uliagpkx - ok
09:58:39.0099 5876 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:58:39.0115 5876 umbus - ok
09:58:39.0130 5876 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:58:39.0146 5876 UmPass - ok
09:58:39.0205 5876 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
09:58:39.0223 5876 UmRdpService - ok
09:58:39.0241 5876 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:58:39.0285 5876 upnphost - ok
09:58:39.0334 5876 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:58:39.0351 5876 usbccgp - ok
09:58:39.0403 5876 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:58:39.0422 5876 usbcir - ok
09:58:39.0431 5876 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:58:39.0446 5876 usbehci - ok
09:58:39.0467 5876 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:58:39.0485 5876 usbhub - ok
09:58:39.0533 5876 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:58:39.0548 5876 usbohci - ok
09:58:39.0557 5876 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:58:39.0575 5876 usbprint - ok
09:58:39.0614 5876 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:58:39.0632 5876 usbscan - ok
09:58:39.0649 5876 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:58:39.0666 5876 USBSTOR - ok
09:58:39.0712 5876 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:58:39.0727 5876 usbuhci - ok
09:58:39.0746 5876 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:58:39.0766 5876 usbvideo - ok
09:58:39.0803 5876 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:58:39.0843 5876 UxSms - ok
09:58:39.0858 5876 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:58:39.0874 5876 VaultSvc - ok
09:58:39.0888 5876 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:58:39.0902 5876 vdrvroot - ok
09:58:39.0953 5876 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:58:39.0997 5876 vds - ok
09:58:40.0029 5876 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:58:40.0048 5876 vga - ok
09:58:40.0066 5876 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:58:40.0104 5876 VgaSave - ok
09:58:40.0109 5876 VGPU - ok
09:58:40.0118 5876 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:58:40.0135 5876 vhdmp - ok
09:58:40.0182 5876 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:58:40.0196 5876 viaide - ok
09:58:40.0252 5876 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:58:40.0270 5876 vmbus - ok
09:58:40.0308 5876 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:58:40.0323 5876 VMBusHID - ok
09:58:40.0343 5876 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:58:40.0358 5876 volmgr - ok
09:58:40.0413 5876 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:58:40.0432 5876 volmgrx - ok
09:58:40.0484 5876 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:58:40.0502 5876 volsnap - ok
09:58:40.0526 5876 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:58:40.0542 5876 vsmraid - ok
09:58:40.0611 5876 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:58:40.0669 5876 VSS - ok
09:58:40.0687 5876 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:58:40.0706 5876 vwifibus - ok
09:58:40.0723 5876 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:58:40.0743 5876 vwififlt - ok
09:58:40.0754 5876 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:58:40.0774 5876 vwifimp - ok
09:58:40.0807 5876 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:58:40.0852 5876 W32Time - ok
09:58:40.0874 5876 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:58:40.0889 5876 WacomPen - ok
09:58:40.0935 5876 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:58:40.0972 5876 WANARP - ok
09:58:40.0976 5876 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:58:41.0015 5876 Wanarpv6 - ok
09:58:41.0075 5876 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:58:41.0108 5876 WatAdminSvc - ok
09:58:41.0181 5876 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:58:41.0215 5876 wbengine - ok
09:58:41.0237 5876 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:58:41.0260 5876 WbioSrvc - ok
09:58:41.0315 5876 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:58:41.0341 5876 wcncsvc - ok
09:58:41.0356 5876 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:58:41.0373 5876 WcsPlugInService - ok
09:58:41.0398 5876 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:58:41.0413 5876 Wd - ok
09:58:41.0436 5876 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:58:41.0459 5876 Wdf01000 - ok
09:58:41.0473 5876 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:58:41.0496 5876 WdiServiceHost - ok
09:58:41.0500 5876 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:58:41.0523 5876 WdiSystemHost - ok
09:58:41.0582 5876 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:58:41.0606 5876 WebClient - ok
09:58:41.0621 5876 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:58:41.0663 5876 Wecsvc - ok
09:58:41.0682 5876 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:58:41.0724 5876 wercplsupport - ok
09:58:41.0737 5876 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:58:41.0779 5876 WerSvc - ok
09:58:41.0794 5876 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:58:41.0833 5876 WfpLwf - ok
09:58:41.0851 5876 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:58:41.0866 5876 WIMMount - ok
09:58:41.0884 5876 WinDefend - ok
09:58:41.0890 5876 WinHttpAutoProxySvc - ok
09:58:41.0947 5876 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:58:41.0988 5876 Winmgmt - ok
09:58:42.0065 5876 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:58:42.0126 5876 WinRM - ok
09:58:42.0184 5876 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:58:42.0203 5876 WinUsb - ok
09:58:42.0275 5876 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:58:42.0306 5876 Wlansvc - ok
09:58:42.0400 5876 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:58:42.0447 5876 wlidsvc - ok
09:58:42.0497 5876 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:58:42.0513 5876 WmiAcpi - ok
09:58:42.0553 5876 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:58:42.0571 5876 wmiApSrv - ok
09:58:42.0597 5876 WMPNetworkSvc - ok
09:58:42.0613 5876 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:58:42.0630 5876 WPCSvc - ok
09:58:42.0681 5876 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:58:42.0701 5876 WPDBusEnum - ok
09:58:42.0734 5876 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:58:42.0772 5876 ws2ifsl - ok
09:58:42.0792 5876 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:58:42.0815 5876 wscsvc - ok
09:58:42.0819 5876 WSearch - ok
09:58:42.0922 5876 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:58:42.0974 5876 wuauserv - ok
09:58:43.0018 5876 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:58:43.0057 5876 WudfPf - ok
09:58:43.0064 5876 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:58:43.0103 5876 WUDFRd - ok
09:58:43.0146 5876 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:58:43.0185 5876 wudfsvc - ok
09:58:43.0206 5876 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:58:43.0230 5876 WwanSvc - ok
09:58:43.0311 5876 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:58:43.0331 5876 YahooAUService - ok
09:58:43.0389 5876 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
09:58:43.0412 5876 yukonw7 - ok
09:58:43.0421 5876 ================ Scan global ===============================
09:58:43.0447 5876 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:58:43.0491 5876 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:58:43.0512 5876 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:58:43.0547 5876 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:58:43.0582 5876 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:58:43.0586 5876 [Global] - ok
09:58:43.0586 5876 ================ Scan MBR ==================================
09:58:43.0604 5876 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:58:43.0814 5876 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:58:43.0814 5876 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:58:43.0814 5876 ================ Scan VBR ==================================
09:58:43.0817 5876 [ D303BA92686F7F0332982606CAC13871 ] \Device\Harddisk0\DR0\Partition1
09:58:43.0819 5876 \Device\Harddisk0\DR0\Partition1 - ok
09:58:43.0849 5876 [ 9C3824DC60183B02681E4857B4879A10 ] \Device\Harddisk0\DR0\Partition2
09:58:43.0850 5876 \Device\Harddisk0\DR0\Partition2 - ok
09:58:43.0854 5876 ============================================================
09:58:43.0854 5876 Scan finished
09:58:43.0854 5876 ============================================================
09:58:43.0867 4156 Detected object count: 2
09:58:43.0867 4156 Actual detected object count: 2
09:58:48.0268 4156 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:48.0269 4156 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:58:48.0271 4156 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:58:48.0271 4156 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, once ComboFix has completed, re-run TDSSKiller with the same parameters as before.
When this element shows, select Delete:

\Device\Harddisk0\DR0 ( TDSS File System )

#19
hellooomcfly

    Member

  • Topic Starter
  • Member
  • 48 posts
ComboFix Log:

ComboFix 12-10-26.05 - User 10/28/2012 10:06:58.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4056.2798 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPLE937.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 14:35 . 2012-10-28 14:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-27 19:11 . 2012-10-27 19:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-27 16:43 . 2012-10-27 16:43 -------- d-----w- C:\_OTL
2012-10-27 00:03 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{268440C4-288A-4EF8-9EFF-975EDCA3EEEA}\mpengine.dll
2012-10-24 01:07 . 2012-10-24 01:07 -------- d-----r- C:\Backup
2012-10-24 01:03 . 2009-12-14 16:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-10-24 01:03 . 2009-12-14 16:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-10-24 01:03 . 2012-10-24 01:03 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2012-10-24 01:03 . 2012-10-24 01:03 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-24 01:03 . 2012-10-28 14:02 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-24 01:02 . 2012-10-24 01:02 636760 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-24 00:24 . 2012-10-24 00:24 -------- d-----w- c:\windows\system32\appmgmt
2012-10-23 01:17 . 2012-10-23 01:17 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2012-10-23 01:17 . 2012-10-23 01:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-23 01:17 . 2012-10-23 01:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-23 01:16 . 2012-10-23 01:16 -------- d-----w- c:\programdata\Sophos
2012-10-14 14:52 . 2012-10-14 14:52 -------- d-----w- C:\SNOW_WHITE_AND_THE_HUNTSMAN
2012-10-10 09:32 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 09:32 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 09:32 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 09:32 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 09:30 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 09:30 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 09:30 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 09:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 09:30 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 09:30 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 09:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 09:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-04 08:25 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 02:46 . 2011-01-19 16:31 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-24 19:32 . 2012-09-03 14:20 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32 . 2011-03-30 12:50 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 02:26 . 2012-08-31 02:26 235960 ----a-w- c:\windows\system32\klogon.dll
2012-08-24 11:15 . 2012-09-22 02:47 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 02:47 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 02:47 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 02:47 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 02:47 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 02:47 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 02:47 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 02:47 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 02:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 02:47 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 02:47 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 02:47 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 02:47 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 02:47 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 02:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 02:47 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 02:47 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 02:47 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 02:47 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 02:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 02:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 02:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-22 10:38 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-22 10:38 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-22 00:21 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-22 10:38 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 09:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-22 00:21 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-22 00:21 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 02:24 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"EKStatusMonitor"="c:\program files (x86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE" [2012-06-19 2784256]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-31 202328]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdkserv.exe [2007-06-14 33712]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-10-20 13616]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe [2007-06-14 1053104]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24914187
*NewlyCreated* - 82608613
*Deregistered* - 24914187
*Deregistered* - 82608613
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 18:19]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 18:19]
.
2012-10-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b96ec4c9-008f-47a5-9c70-b418bf10995b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ba41386c-3fcd-4c41-ba4d-2ca29797dcab.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 02:26 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"lxdkmon.exe"="c:\program files (x86)\Lexmark 5300 Series\lxdkmon.exe" [2010-02-15 455336]
"lxdkamon"="c:\program files (x86)\Lexmark 5300 Series\lxdkamon.exe" [2010-02-15 25256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fuo3pq6z.default\
FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; [email protected]; c:\users\User\Application Data\Mozilla\Firefox\Profiles\fuo3pq6z.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-28 10:48:11
ComboFix-quarantined-files.txt 2012-10-28 14:48
.
Pre-Run: 61,619,924,992 bytes free
Post-Run: 61,244,936,192 bytes free
.
- - End Of File - - 6EA666504BB44B13371DE8DA12D2BDB4

#20
hellooomcfly

    Member

  • Topic Starter
  • 48 posts
Ran TDSSKiller and deleted file as instructed. Ran TDSSKiller again and did not re-appear. Would you like me to post the log?

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, there is no need for the log

OK I see it :ph34r: on completion could you check for redirects

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Firefox::
FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; [email protected]; c:\users\User\Application Data\Mozilla\Firefox\Profiles\fuo3pq6z.default\extensions\[email protected]



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#22
hellooomcfly

    Member

  • Topic Starter
  • 48 posts
ComboFix Log after script posted:

ComboFix 12-10-26.05 - User 10/28/2012 11:16:25.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4056.2622 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 15:24 . 2012-10-28 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-28 14:53 . 2012-10-28 14:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-27 19:11 . 2012-10-27 19:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-27 16:43 . 2012-10-27 16:43 -------- d-----w- C:\_OTL
2012-10-27 00:03 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{268440C4-288A-4EF8-9EFF-975EDCA3EEEA}\mpengine.dll
2012-10-24 01:07 . 2012-10-24 01:07 -------- d-----r- C:\Backup
2012-10-24 01:03 . 2009-12-14 16:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-10-24 01:03 . 2009-12-14 16:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-10-24 01:03 . 2012-10-24 01:03 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2012-10-24 01:03 . 2012-10-24 01:03 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-24 01:03 . 2012-10-28 14:02 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-24 01:02 . 2012-10-24 01:02 636760 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-24 00:24 . 2012-10-24 00:24 -------- d-----w- c:\windows\system32\appmgmt
2012-10-23 01:17 . 2012-10-23 01:17 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2012-10-23 01:17 . 2012-10-23 01:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-23 01:17 . 2012-10-23 01:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-23 01:16 . 2012-10-23 01:16 -------- d-----w- c:\programdata\Sophos
2012-10-14 14:52 . 2012-10-14 14:52 -------- d-----w- C:\SNOW_WHITE_AND_THE_HUNTSMAN
2012-10-10 09:32 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 09:32 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 09:32 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 09:32 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 09:30 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 09:30 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 09:30 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 09:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 09:30 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 09:30 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 09:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 09:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-04 08:25 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 02:46 . 2011-01-19 16:31 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-24 19:32 . 2012-09-03 14:20 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32 . 2011-03-30 12:50 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 02:26 . 2012-08-31 02:26 235960 ----a-w- c:\windows\system32\klogon.dll
2012-08-24 11:15 . 2012-09-22 02:47 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 02:47 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 02:47 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 02:47 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 02:47 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 02:47 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 02:47 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 02:47 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 02:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 02:47 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 02:47 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 02:47 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 02:47 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 02:47 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 02:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 02:47 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 02:47 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 02:47 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 02:47 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 02:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 02:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 02:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-22 10:38 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-22 10:38 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-22 00:21 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-22 10:38 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 09:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-22 00:21 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-22 00:21 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 02:24 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"EKStatusMonitor"="c:\program files (x86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE" [2012-06-19 2784256]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-31 202328]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdkserv.exe [2007-06-14 33712]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-10-20 13616]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe [2007-06-14 1053104]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24914187
*NewlyCreated* - 70440724
*NewlyCreated* - 82608613
*Deregistered* - 24914187
*Deregistered* - 70440724
*Deregistered* - 82608613
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 18:19]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 18:19]
.
2012-10-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b96ec4c9-008f-47a5-9c70-b418bf10995b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ba41386c-3fcd-4c41-ba4d-2ca29797dcab.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 02:26 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"lxdkmon.exe"="c:\program files (x86)\Lexmark 5300 Series\lxdkmon.exe" [2010-02-15 455336]
"lxdkamon"="c:\program files (x86)\Lexmark 5300 Series\lxdkamon.exe" [2010-02-15 25256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fuo3pq6z.default\
FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; [email protected]; c:\users\User\Application Data\Mozilla\Firefox\Profiles\fuo3pq6z.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-28 11:35:27
ComboFix-quarantined-files.txt 2012-10-28 15:35
ComboFix2.txt 2012-10-28 14:48
.
Pre-Run: 61,298,987,008 bytes free
Post-Run: 61,240,684,544 bytes free
.
- - End Of File - - C3A63E412BE396578D813DB93BFBEE66

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, that did not want to go that way... So let's try another

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\User\Application Data\Mozilla\Firefox\Profiles\fuo3pq6z.default\extensions\[email protected]



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#24
hellooomcfly

    Member

  • Topic Starter
  • 48 posts
ComboFix Log Round 2:

ComboFix 12-10-26.05 - User 10/28/2012 19:21:09.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4056.2551 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\User\Application Data\Mozilla\Firefox\Profiles\fuo3pq6z.default\extensions\[email protected]"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Temp\SAS9A00.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 23:29 . 2012-10-28 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-28 14:53 . 2012-10-28 14:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-27 19:11 . 2012-10-27 19:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-27 16:43 . 2012-10-27 16:43 -------- d-----w- C:\_OTL
2012-10-27 00:03 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{268440C4-288A-4EF8-9EFF-975EDCA3EEEA}\mpengine.dll
2012-10-24 01:07 . 2012-10-24 01:07 -------- d-----r- C:\Backup
2012-10-24 01:03 . 2009-12-14 16:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-10-24 01:03 . 2009-12-14 16:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-10-24 01:03 . 2012-10-24 01:03 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2012-10-24 01:03 . 2012-10-24 01:03 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-24 01:03 . 2012-10-28 14:02 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-24 01:02 . 2012-10-24 01:02 636760 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-24 00:24 . 2012-10-24 00:24 -------- d-----w- c:\windows\system32\appmgmt
2012-10-23 01:16 . 2012-10-23 01:16 -------- d-----w- c:\programdata\Sophos
2012-10-14 14:52 . 2012-10-14 14:52 -------- d-----w- C:\SNOW_WHITE_AND_THE_HUNTSMAN
2012-10-10 09:32 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 09:32 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 09:32 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 09:32 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 09:30 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 09:30 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 09:30 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 09:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 09:30 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 09:30 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 09:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 09:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-04 08:25 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 02:46 . 2011-01-19 16:31 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-24 19:32 . 2012-09-03 14:20 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32 . 2011-03-30 12:50 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 02:26 . 2012-08-31 02:26 235960 ----a-w- c:\windows\system32\klogon.dll
2012-08-24 11:15 . 2012-09-22 02:47 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 02:47 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 02:47 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 02:47 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 02:47 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 02:47 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 02:47 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 02:47 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 02:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 02:47 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 02:47 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 02:47 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 02:47 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 02:47 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 02:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 02:47 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 02:47 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 02:47 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 02:47 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 02:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 02:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 02:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-22 10:38 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-22 10:38 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-22 00:21 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-22 10:38 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 09:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-22 00:21 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-22 00:21 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 02:24 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"EKStatusMonitor"="c:\program files (x86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE" [2012-06-19 2784256]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-31 202328]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdkserv.exe [2007-06-14 33712]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-10-20 13616]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe [2007-06-14 1053104]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24914187
*NewlyCreated* - 70440724
*NewlyCreated* - 82608613
*Deregistered* - 24914187
*Deregistered* - 70440724
*Deregistered* - 82608613
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 18:19]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 18:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 02:26 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"lxdkmon.exe"="c:\program files (x86)\Lexmark 5300 Series\lxdkmon.exe" [2010-02-15 455336]
"lxdkamon"="c:\program files (x86)\Lexmark 5300 Series\lxdkamon.exe" [2010-02-15 25256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fuo3pq6z.default\
FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; [email protected]; c:\users\User\Application Data\Mozilla\Firefox\Profiles\fuo3pq6z.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-28 19:39:57
ComboFix-quarantined-files.txt 2012-10-28 23:39
ComboFix2.txt 2012-10-28 15:35
ComboFix3.txt 2012-10-28 14:48
.
Pre-Run: 61,053,595,648 bytes free
Post-Run: 61,108,035,584 bytes free
.
- - End Of File - - B6EFE73AC6323CC983839AB400CFFFAE

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects still occurring?

#26
hellooomcfly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
My fiancee says the 2nd search she tried on Google redirected her to another site... This thing just will not go away. :angry:

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, it is still there. I was hoping that it was just the key and not the file.

I will try OTL on it, and if that fails I will find something stronger.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
c:\users\User\Application Data\Mozilla\Firefox\Profiles\fuo3pq6z.default\extensions\[email protected]

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#28
hellooomcfly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL Run Fix Log:

All processes killed
========== FILES ==========
File\Folder c:\users\User\Application Data\Mozilla\Firefox\Profiles\fuo3pq6z.default\extensions\[email protected] not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 1410691 bytes
->Temporary Internet Files folder emptied: 466537 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 384284084 bytes
->Flash cache emptied: 562 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6478 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 15059671 bytes

Total Files Cleaned = 383.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10312012_200155

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#29
hellooomcfly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL Quick Scan Log:

OTL logfile created on: 10/31/2012 8:08:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.74% Memory free
7.92 Gb Paging File | 6.08 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 51.56 Gb Free Space | 23.63% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/27 09:24:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2012/06/19 13:44:22 | 002,784,256 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2010/02/15 12:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
PRC - [2010/02/15 12:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 06:06:15 | 000,460,312 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 06:06:13 | 012,435,992 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 06:06:12 | 004,005,912 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 06:04:57 | 000,578,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 06:04:55 | 000,123,928 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 06:04:44 | 000,156,712 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 06:04:43 | 000,275,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 06:04:42 | 002,168,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/08/30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2012/08/30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2012/08/30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2012/08/30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2012/08/30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2012/08/30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2012/08/30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2012/06/14 10:21:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:20:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 08:22:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 08:22:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 08:22:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 08:21:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/02/15 12:26:42 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe
MOD - [2010/02/15 12:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe
MOD - [2010/02/09 07:41:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.core.dll
MOD - [2010/02/09 07:41:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.monitor.common.dll
MOD - [2010/02/09 07:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.dll
MOD - [2008/06/06 06:45:50 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/05/22 16:19:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkscw.dll
MOD - [2007/05/03 10:39:32 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkdatr.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5300 Series\lxdkcats.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/14 07:15:50 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdkcoms.exe -- (lxdk_device)
SRV:64bit: - [2007/06/14 07:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV:64bit: - [2005/07/06 12:04:44 | 000,414,208 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
SRV - [2012/08/30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/14 07:15:40 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/06/14 07:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdkcoms.exe -- (lxdk_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/23 21:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/06/15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/12/14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/17 13:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\[email protected] [2012/10/23 21:03:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/01 10:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/03 10:20:56 | 000,000,000 | ---D | M]

[2011/06/08 11:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/10/27 12:43:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fuo3pq6z.default\extensions
[2012/10/27 15:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/03 10:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/27 15:10:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/12/21 08:01:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/21 08:01:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 08:01:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Virtual Keyboard = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Skype Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\

O1 HOSTS File: ([2012/10/31 20:01:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdkamon] C:\Program Files (x86)\Lexmark 5300 Series\lxdkamon.exe ()
O4:64bit: - HKLM..\Run: [lxdkmon.exe] C:\Program Files (x86)\Lexmark 5300 Series\lxdkmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2D6B9BB-4084-4035-A1C6-FEB527AA9A3A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 16:54:51 | 000,000,000 | ---D | C] -- C:\Users\User\New folder
[2012/10/29 07:30:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/28 19:40:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/28 19:19:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/28 10:53:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/28 10:05:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 10:05:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 10:05:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/28 10:05:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/28 10:05:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/28 10:04:11 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 15:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/27 14:02:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BA33728A-6A86-4621-9DD8-C5B763852CD4}
[2012/10/27 12:43:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/26 09:45:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ADA81C03-782F-4B4F-8A0C-E1C3AE304FF6}
[2012/10/25 21:45:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5B403C6A-E557-4A2E-98C1-308394D5BC8C}
[2012/10/25 05:32:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2C68AE0-90FD-44CF-AB28-97C6C88F9371}
[2012/10/23 21:07:32 | 000,000,000 | R--D | C] -- C:\Backup
[2012/10/23 21:06:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{27AAE9B6-21FC-4F1E-A210-75BE59B31DAD}
[2012/10/23 21:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2012/10/23 21:03:49 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2012/10/23 21:03:49 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2012/10/23 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2012/10/23 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/23 21:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/23 21:02:39 | 000,636,760 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 20:24:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/10/22 21:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/10/22 09:05:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{765D74CE-8B36-4E6C-9D2B-693BB2EDCF45}
[2012/10/21 09:04:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2D152C3F-F984-424E-945F-872505753375}
[2012/10/20 09:04:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9991A9D4-1FBE-4242-8BC7-B89B670643E6}
[2012/10/19 21:03:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3B5EA071-0DF6-4EDF-BCD2-523763E21662}
[2012/10/19 07:47:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F8FEE630-8975-45C7-AB32-CB71968D1CB6}
[2012/10/18 19:46:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{48FBFEE6-AE58-49F0-BF5F-7A9D40072BDC}
[2012/10/18 07:46:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DAC43719-1E41-48C0-BE81-FDF5BC830570}
[2012/10/17 07:45:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BEC684CD-00DA-443F-ABC3-20F36DE13F4C}
[2012/10/15 07:44:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BF81F53-C7B1-4092-9683-A0D3595BBED3}
[2012/10/14 10:52:40 | 000,000,000 | ---D | C] -- C:\SNOW_WHITE_AND_THE_HUNTSMAN
[2012/10/14 07:01:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B915AE48-3EF9-4C21-A43A-CD7ABDAB48B5}
[2012/10/13 07:00:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8B7F5874-F6CC-491E-87FF-E43C29696A4B}
[2012/10/12 05:45:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4312F491-DF38-400F-A76D-1C51D569D45B}
[2012/10/11 05:45:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CE0B1F43-B37B-4F2F-A6D5-EB379C258333}
[2012/10/10 05:44:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1781C365-41E1-46F9-811F-9E89A6EB5C5B}
[2012/10/09 05:43:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{771D728F-8BE2-411E-B1F1-3E8A88D05DBA}
[2012/10/08 05:43:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B22D03F9-A5A4-49A5-BE54-F9379D4A75C8}
[2012/10/07 17:42:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{356108A0-88AE-4467-BA0E-A1FB0036AB84}
[2012/10/06 05:15:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BB3B69D0-3D56-4160-9BA7-EA1176026888}
[2012/10/05 04:19:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C471D91A-5579-4E52-83D2-99B1508C0E77}
[2012/10/04 04:18:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4F69E8D1-DFBF-47D5-8326-5EE1E0EAF635}

========== Files - Modified Within 30 Days ==========

[2012/10/31 20:11:54 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 20:11:54 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 20:11:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000UA.job
[2012/10/31 20:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/31 20:04:15 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/31 20:01:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/31 17:00:34 | 005,290,493 | ---- | M] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/31 16:56:26 | 000,013,902 | ---- | M] () -- C:\Users\User\Desktop\normal_melissa_pumpkin1.jpg
[2012/10/31 16:52:46 | 000,041,474 | ---- | M] () -- C:\Users\User\Desktop\image-001090f2632ed32d5c16118bfc2329d6-Rebecca2.jpg
[2012/10/31 16:49:32 | 000,653,624 | ---- | M] () -- C:\Users\User\Desktop\halloween-8.jpg
[2012/10/31 07:11:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736551342-4217978772-3593102293-1000Core.job
[2012/10/30 19:20:29 | 000,087,889 | ---- | M] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/30 19:20:29 | 000,008,892 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2012/10/28 10:04:53 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/10/27 07:07:50 | 000,016,958 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 07:07:22 | 000,057,307 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 07:01:50 | 000,053,151 | ---- | M] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 06:59:36 | 000,100,302 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 06:57:15 | 000,084,041 | ---- | M] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 06:54:46 | 000,104,445 | ---- | M] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 07:41:38 | 000,097,685 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 07:41:12 | 000,066,280 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 07:38:29 | 000,107,105 | ---- | M] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 07:37:22 | 000,177,962 | ---- | M] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 07:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 07:29:17 | 000,017,921 | ---- | M] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 07:28:29 | 000,022,429 | ---- | M] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 07:27:29 | 000,051,073 | ---- | M] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 07:17:46 | 000,058,277 | ---- | M] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 06:55:56 | 000,062,039 | ---- | M] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 06:42:40 | 000,055,196 | ---- | M] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 06:18:14 | 000,100,803 | ---- | M] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 21:07:34 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 21:04:31 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 21:04:31 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/23 21:02:39 | 000,636,760 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/23 20:58:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/15 20:48:15 | 000,012,183 | ---- | M] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 06:41:09 | 000,002,288 | ---- | M] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/10 19:13:09 | 000,002,481 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/10/10 13:05:17 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/10 13:05:17 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/10 13:05:17 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/08 12:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/08 12:55:24 | 000,063,376 | ---- | M] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/07 19:03:23 | 000,018,117 | ---- | M] () -- C:\Users\User\Desktop\Capture.GIF
[2012/10/05 21:24:50 | 000,035,276 | ---- | M] () -- C:\Users\User\Desktop\draft_lens18983966module155781753photo_1_1323813840twilight_wedding_invitation.jpg
[2012/10/05 05:33:27 | 003,816,802 | ---- | M] () -- C:\Users\User\Desktop\fltbirdinstrumental.mp3

========== Files Created - No Company Name ==========

[2012/10/31 17:00:27 | 005,290,493 | ---- | C] () -- C:\Users\User\Desktop\vsq_flightlessbird.mp3
[2012/10/31 16:56:16 | 000,013,902 | ---- | C] () -- C:\Users\User\Desktop\normal_melissa_pumpkin1.jpg
[2012/10/31 16:52:46 | 000,041,474 | ---- | C] () -- C:\Users\User\Desktop\image-001090f2632ed32d5c16118bfc2329d6-Rebecca2.jpg
[2012/10/31 16:49:32 | 000,653,624 | ---- | C] () -- C:\Users\User\Desktop\halloween-8.jpg
[2012/10/30 19:20:29 | 000,008,892 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012/10/30 19:05:09 | 000,087,889 | ---- | C] () -- C:\Users\User\Desktop\num - Copy.jpg
[2012/10/29 07:35:03 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358 - Copy.jpg
[2012/10/28 10:05:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 10:05:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 10:05:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 10:05:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 10:05:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/27 07:07:49 | 000,016,958 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.174067210.jpg
[2012/10/27 07:07:17 | 000,057,307 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.340363817.jpg
[2012/10/27 07:01:47 | 000,053,151 | ---- | C] () -- C:\Users\User\Desktop\block.jpg
[2012/10/27 06:59:28 | 000,100,302 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.317436470.jpg
[2012/10/27 06:57:10 | 000,084,041 | ---- | C] () -- C:\Users\User\Desktop\num2.jpg
[2012/10/27 06:54:41 | 000,104,445 | ---- | C] () -- C:\Users\User\Desktop\num.jpg
[2012/10/26 07:41:38 | 000,097,685 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_FOLDED_3x5-30201-5548-MERCHLARGE_FRONT-v133546688100097685.jpg
[2012/10/26 07:41:12 | 000,066,280 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.350946046.jpg
[2012/10/26 07:38:29 | 000,107,105 | ---- | C] () -- C:\Users\User\Desktop\il_570xN.386653431_m4u8.jpg
[2012/10/26 07:37:21 | 000,177,962 | ---- | C] () -- C:\Users\User\Desktop\il_fullxfull.372455837_ityu.jpg
[2012/10/26 07:29:33 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds - Copy.jpg
[2012/10/26 07:29:17 | 000,017,921 | ---- | C] () -- C:\Users\User\Desktop\blankbirds.jpg
[2012/10/26 07:28:29 | 000,022,429 | ---- | C] () -- C:\Users\User\Desktop\birds2.jpg
[2012/10/26 07:27:29 | 000,051,073 | ---- | C] () -- C:\Users\User\Desktop\birds1.jpg
[2012/10/26 07:17:45 | 000,058,277 | ---- | C] () -- C:\Users\User\Desktop\birds.jpg
[2012/10/26 06:55:55 | 000,062,039 | ---- | C] () -- C:\Users\User\Desktop\us.jpg
[2012/10/26 06:42:40 | 000,055,196 | ---- | C] () -- C:\Users\User\Desktop\STATIONERYCARD_A2-24004-4997-MERCHLARGE_FRONT-v131906950000055196.jpg
[2012/10/26 06:18:13 | 000,100,803 | ---- | C] () -- C:\Users\User\Desktop\date.jpg
[2012/10/23 21:07:34 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/10/23 21:04:31 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/23 21:04:31 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/15 20:48:15 | 000,012,183 | ---- | C] () -- C:\Users\User\Desktop\pitcher01-240x240.jpg
[2012/10/11 06:41:08 | 000,002,288 | ---- | C] () -- C:\Users\User\Desktop\eng.GIF
[2012/10/08 09:53:28 | 000,063,376 | ---- | C] () -- C:\Users\User\Desktop\edilhr 358.jpg
[2012/10/07 19:03:23 | 000,018,117 | ---- | C] () -- C:\Users\User\Desktop\Capture.GIF
[2012/10/05 21:24:49 | 000,035,276 | ---- | C] () -- C:\Users\User\Desktop\draft_lens18983966module155781753photo_1_1323813840twilight_wedding_invitation.jpg
[2012/10/05 05:33:19 | 003,816,802 | ---- | C] () -- C:\Users\User\Desktop\fltbirdinstrumental.mp3
[2012/08/21 20:05:21 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdkcomx.dll
[2012/08/21 20:05:21 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkinpa.dll
[2012/08/21 20:05:21 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdkinst.dll
[2012/08/21 20:05:20 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkserv.dll
[2012/08/21 20:05:20 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkusb1.dll
[2012/08/21 20:05:20 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkpmui.dll
[2012/08/21 20:05:20 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkiesc.dll
[2012/08/21 20:05:19 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkhbn3.dll
[2012/08/21 20:05:19 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcoms.exe
[2012/08/21 20:05:19 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdklmpm.dll
[2012/08/21 20:05:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomm.dll
[2012/08/21 20:05:19 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkih.exe
[2012/08/21 20:05:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkprox.dll
[2012/08/21 20:05:18 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcomc.dll
[2012/08/21 20:05:18 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdkcfg.exe
[2011/12/21 12:00:50 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/12/17 10:18:17 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/08 11:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/06 15:07:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/16 14:59:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/15 13:47:42 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/02 08:30:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012/10/30 19:06:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2012/08/21 20:11:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lexmark Productivity Studio
[2012/09/21 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Temp
[2012/10/19 12:53:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >
  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you are still getting redirects, please do the following:

Run Firefox in safe mode, details here

Have the redirects ceased?
If so, then re-enable the addons one at a time to determine which is the bad one.
When the bad one is located, could you let me know its name?

If you get redirected in safe mode, we will have to totally uninstall Firefox.
  • 0





