[TrueCharismaX]

Hello.

First I would like to say that I am new to this forum, as this is obviously my first post:) Anyway, when checking Microsoft Security Essentials yesterday I noticed that it had found a Trojan with a severe alert level. This was the Trojan that it found:

Trojan:Win64/Alureon.gen!K

The thing is, MSE said the virus had been removed, however, what instantly concerned me was that it also said it had encountered an error and could not find the Malware and other potentially unwanted software on the computer.

So afterward, I scanned Malwarebytes. The only thing Malwarebytes found and supposedly successfully removed was C:\Users\Dell\AppData\Local\Temp\0.2927146628338083 (Exploit.Drop.9)

Then, I system restored to July 4, 2012.

However, the thing that concerns me is what MSE said about not being able to find the Alureon Malware. After reading up a bit on how serious this Trojan is this is something I really want to make sure is not on my computer.

Any help on how to take care of this problem will be greatly appreciated. Thank you!

[Advertisements]

Just bumping this before I get some rest for a few hours.

[TrueCharismaX]

Just bumping this before I get some rest for a few hours.

[Essexboy]

Hi there I will need a little data first

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

[TrueCharismaX]

Hello. Sorry for taking so long to respond. I will do as you said and provide this information in my next reply.

[TrueCharismaX]

First, here is the OTL.Txt log

OTL logfile created on: 7/29/2012 10:50:41 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\ThE MaInEvenTa\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.17% Memory free
5.98 Gb Paging File | 5.27 Gb Available in Paging File | 88.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.00 Gb Total Space | 112.06 Gb Free Space | 75.20% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 74.32 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

Computer Name: DELL530 | User Name: ThE MaInEvenTa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/29 22:46:24 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\ThE MaInEvenTa\Desktop\OTL.exe
PRC - [2012/06/17 20:41:20 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Users\ThE MaInEvenTa\Downloads\ThE MaInEvenTa\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/17 20:41:19 | 002,042,848 | ---- | M] () -- C:\Users\ThE MaInEvenTa\Downloads\ThE MaInEvenTa\mozjs.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/12/13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/05 01:46:12 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/07 19:22:28 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2011/12/07 19:22:22 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/16 15:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/07 19:22:48 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 14:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011/02/22 14:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011/02/22 14:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/09/23 20:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 15:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/07/26 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/07/23 16:05:22 | 000,009,968 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2007/07/23 16:05:12 | 000,135,152 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2007/07/23 16:05:12 | 000,046,448 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2007/07/23 16:05:10 | 000,144,112 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2007/07/23 16:05:08 | 000,035,056 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2007/07/23 16:05:06 | 000,042,352 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2007/07/23 16:05:06 | 000,019,824 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2007/07/23 16:05:04 | 000,146,672 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2007/07/23 15:55:46 | 000,124,112 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV:64bit: - [2007/07/23 15:49:50 | 000,041,072 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2007/07/23 15:49:50 | 000,017,776 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
DRV:64bit: - [2007/07/23 15:43:46 | 000,063,984 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV - [2011/09/16 15:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3043359913-4138655392-2109314318-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3043359913-4138655392-2109314318-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3043359913-4138655392-2109314318-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 12 09 49 93 55 CD 01 [binary data]
IE - HKU\S-1-5-21-3043359913-4138655392-2109314318-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3043359913-4138655392-2109314318-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3043359913-4138655392-2109314318-1003\..\SearchScopes\{C5726F03-711A-451B-95AD-A233F19EDE14}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3043359913-4138655392-2109314318-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Users\ThE MaInEvenTa\Downloads\ThE MaInEvenTa\components [2012/07/29 22:39:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Users\ThE MaInEvenTa\Downloads\ThE MaInEvenTa\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Users\ThE MaInEvenTa\Downloads\ThE MaInEvenTa\components [2012/07/29 22:39:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Users\ThE MaInEvenTa\Downloads\ThE MaInEvenTa\plugins

[2012/03/18 04:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ThE MaInEvenTa\AppData\Roaming\Mozilla\Extensions
[2012/06/17 21:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ThE MaInEvenTa\AppData\Roaming\Mozilla\Firefox\Profiles\p8v0dkuz.default\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ThE MaInEvenTa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\ThE MaInEvenTa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\ThE MaInEvenTa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\ThE MaInEvenTa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\ThE MaInEvenTa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\
CHR - Extension: Gmail = C:\Users\ThE MaInEvenTa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3043359913-4138655392-2109314318-1003..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0C5CF442-582E-4357-B116-765DA99CAA8C} https://bxsprod.apps...t/IrcViewer.cab (CompositeView Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C047485-6435-4F10-81AE-9A57596A58BB}: DhcpNameServer = 64.22.178.45 64.22.186.47
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B12FAE55-D76F-48E2-9A2A-CE87D2169C88}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{29cbbc3d-5024-11e1-8ec3-00219b0679b4}\Shell - "" = AutoRun
O33 - MountPoints2\{29cbbc3d-5024-11e1-8ec3-00219b0679b4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 22:46:19 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\ThE MaInEvenTa\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2012/07/29 22:46:24 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\ThE MaInEvenTa\Desktop\OTL.exe
[2012/07/29 22:46:01 | 000,729,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 22:46:01 | 000,626,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 22:46:01 | 000,107,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/29 22:41:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/29 22:41:29 | 2407,403,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 22:40:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 22:27:48 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 22:27:48 | 000,019,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 20:29:35 | 000,019,843 | ---- | M] () -- C:\Users\ThE MaInEvenTa\Desktop\YESSSSSSS!!!!!.png
[2012/07/18 21:20:01 | 000,039,499 | ---- | M] () -- C:\Users\ThE MaInEvenTa\Desktop\582080_333278233424740_1411703141_n.jpg
[2012/07/11 02:42:05 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/11 02:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

========== Files Created - No Company Name ==========

[2012/07/22 20:29:34 | 000,019,843 | ---- | C] () -- C:\Users\ThE MaInEvenTa\Desktop\YESSSSSSS!!!!!.png
[2012/07/18 21:19:59 | 000,039,499 | ---- | C] () -- C:\Users\ThE MaInEvenTa\Desktop\582080_333278233424740_1411703141_n.jpg
[2012/03/17 02:27:59 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/10 18:13:07 | 000,000,234 | -H-- | C] () -- C:\Windows\wininit.ini

========== LOP Check ==========

[2012/02/22 10:23:49 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/02/22 10:23:49 | 000,000,000 | -H-D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012/01/14 01:17:51 | 000,000,000 | ---D | M] -- C:\Users\ThE MaInEvenTa\AppData\Roaming\IObit
[2012/05/14 18:11:54 | 000,000,000 | ---D | M] -- C:\Users\ThE MaInEvenTa\AppData\Roaming\Sublime Text 2
[2012/06/05 06:26:55 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/01/03 08:10:44 | 000,585,874 | ---- | M] () MD5=0E19E0BEA7B159153258688CF8ED7716 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 02:38:21 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 02:38:21 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 02:38:19 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 02:38:21 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 02:38:19 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 02:38:21 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011/12/24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >

Edited by TrueCharismaX, 29 July 2012 - 10:52 PM.

[TrueCharismaX]

Extras.Txt log


OTL Extras logfile created on: 7/29/2012 10:50:41 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\ThE MaInEvenTa\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.17% Memory free
5.98 Gb Paging File | 5.27 Gb Available in Paging File | 88.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.00 Gb Total Space | 112.06 Gb Free Space | 75.20% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 74.32 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

Computer Name: DELL530 | User Name: ThE MaInEvenTa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3043359913-4138655392-2109314318-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\ThE MaInEvenTa\Downloads\ThE MaInEvenTa\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{968A036F-4B15-448F-A8DF-8C6A17088C20}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0163E5BE-BE26-4019-B599-9A81F2A86F71}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{14922D05-7E57-4871-BE1D-D5DE4C4C8BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{15D2C18F-68B0-43DF-AAF4-4C8252D5A482}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{17C61A63-6DE9-4AAA-83B8-11B189A7412A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{1BA73684-AF64-4E97-929E-F15DFCF13B86}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{1C19637F-F9B9-4A9C-926A-081D38FCC203}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{26546DFC-5446-46DE-BB13-E036F439524B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{39309D68-12E6-4ABD-A00A-2BC5FD0CF208}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{4E51D3A3-E4B6-4A87-A533-91EF651BEA1C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{697D6992-55A2-45EE-A635-C3D1E85BA2B9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{74FA753D-F3E3-44B0-B077-D8D0DCE53F6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{863270D8-B4EC-4FEB-92B1-63E5F6E767CA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8E8D56F2-9CDD-4261-A73C-7F0B020DFA52}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{ABC70353-A511-40C4-B0E2-1C0AC85F09DF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{ADEDFB99-7566-456E-B22F-A3B06182DDC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B71CD701-652A-479A-8255-7ECF8BE91077}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{BD7889C0-78E3-4F59-A7BC-475C417C1F14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{CEB4DAB8-8E0D-41BD-B409-A12207F8D293}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E107DE58-2DE4-4B1C-9280-25E3CF1C9979}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{EDDC15CD-D7A0-4BCE-811D-0B57100FEBBC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{FF1EB220-F4F4-4CF5-9DB4-ECC4728D5037}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Google Chrome" = Google Chrome
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Sublime Text 2_is1" = Sublime Text 2 Build 2181
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3043359913-4138655392-2109314318-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/29/2012 8:43:12 PM | Computer Name = Dell530 | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 10:08:46 PM | Computer Name = Dell530 | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 10:22:39 PM | Computer Name = Dell530 | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 10:46:30 PM | Computer Name = Dell530 | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 11:14:01 PM | Computer Name = Dell530 | Source = System Restore | ID = 8193
Description =

Error - 7/29/2012 11:14:06 PM | Computer Name = Dell530 | Source = System Restore | ID = 8193
Description =

Error - 7/29/2012 11:19:48 PM | Computer Name = Dell530 | Source = MsiInstaller | ID = 11720
Description =

Error - 7/29/2012 11:19:55 PM | Computer Name = Dell530 | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 11:30:16 PM | Computer Name = Dell530 | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 11:43:14 PM | Computer Name = Dell530 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/5/2012 2:38:50 PM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 4/6/2012 3:30:29 PM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 4/6/2012 8:25:28 PM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 4/7/2012 9:54:16 AM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 4/7/2012 2:04:31 PM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 4/8/2012 3:18:11 AM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 4/8/2012 9:54:34 AM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 4/8/2012 1:10:28 PM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 4/8/2012 1:21:50 PM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2

Error - 4/8/2012 3:20:42 PM | Computer Name = Dell530 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%2


< End of report >

Edited by TrueCharismaX, 29 July 2012 - 10:53 PM.

[TrueCharismaX]

aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 23:27:30
-----------------------------
23:27:30.811 OS Version: Windows x64 6.1.7601 Service Pack 1
23:27:30.812 Number of processors: 2 586 0xF0D
23:27:30.812 ComputerName: DELL530 UserName:
23:27:31.423 Initialize success
23:27:36.485 AVAST engine defs: 12072901
23:27:39.431 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:27:39.434 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
23:27:39.438 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-6
23:27:39.441 Disk 1 Vendor: WDC_WD800JD-75LSA0 09.01D09 Size: 76293MB BusType: 3
23:27:39.461 Disk 0 MBR read successfully
23:27:39.465 Disk 0 MBR scan
23:27:39.471 Disk 0 Windows 7 default MBR code
23:27:39.481 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152578 MB offset 63
23:27:39.500 Disk 0 scanning C:\Windows\system32\drivers
23:27:48.933 Service scanning
23:28:10.949 Modules scanning
23:28:10.949 Disk 0 trace - called modules:
23:28:10.963 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:28:10.964 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003388730]
23:28:10.964 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8002f52520]
23:28:10.964 5 ACPI.sys[fffff88000ef77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002f4e680]
23:28:11.540 AVAST engine scan C:\Windows
23:28:13.751 AVAST engine scan C:\Windows\system32
23:30:38.224 AVAST engine scan C:\Windows\system32\drivers
23:30:47.415 AVAST engine scan C:\Users\ThE MaInEvenTa
23:33:28.580 AVAST engine scan C:\ProgramData
23:33:49.225 Scan finished successfully
23:35:29.217 Disk 0 MBR has been saved successfully to "C:\Users\ThE MaInEvenTa\Desktop\MBR.dat"
23:35:29.226 The log file has been saved successfully to "C:\Users\ThE MaInEvenTa\Desktop\aswMBR.txt"


Also, when you respond, I have two questions. When it asked if I wanted to download the latest Avast virus definitions, I said yes, and am wondering if I should not have done that.

And, the file MBR.Dat did not have a program for it, so I selected it to be opened with notepad. When I did this and opened the file, I was confused with what was in there and now I am unable to remove MBR.Dat from being opened with notepad. So I'm also wondering if the MBR.Dat file should not be opened with any programs and if that will cause any problems.

[TrueCharismaX]

bumping for later

[Essexboy]

With the aswMBR definitions it will also conduct a virus scan in addition to checking the MBR

As it stands the logs are showing clean

Are you experiencing any problems at all ?

Please download the following tool

Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

[TrueCharismaX]

About to complete the ListParts scan now. Do I need to check List BCD before conducting scan? And I have been noticing that the Internet is slower than usual thus far, but that is the only problem I am experiencing right now.

[Essexboy]

No real need at this stage for BCD

[TrueCharismaX]

ListParts log:

ListParts by Farbar Version: 25-07-2012
Ran by ThE MaInEvenTa (administrator) on 30-07-2012 at 14:47:49
Windows 7 (X64)
Running From: C:\Users\ThE MaInEvenTa\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 35%
Total physical RAM: 3061.18 MB
Available physical RAM: 1967.8 MB
Total Pagefile: 6120.54 MB
Available Pagefile: 5115.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.3 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:149 GB) (Free:112.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: () (Fixed) (Total:74.5 GB) (Free:74.32 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 7168 KB
Disk 1 Online 74 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 149 GB Healthy System (partition with boot components)

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 74 GB Healthy

======================================================================================================

****** End Of Log ******

[Essexboy]

OK one final check on the MBR, are you still getting the alerts ?

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application
  
  
• Then click on Change parameters.
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
• Click the Start Scan button.
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
• Get the report by selecting Reports
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

[TrueCharismaX]

TDSSKiller Log:



15:49:28.0308 1896 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:49:28.0617 1896 ============================================================
15:49:28.0617 1896 Current date / time: 2012/07/30 15:49:28.0617
15:49:28.0617 1896 SystemInfo:
15:49:28.0617 1896
15:49:28.0617 1896 OS Version: 6.1.7601 ServicePack: 1.0
15:49:28.0617 1896 Product type: Workstation
15:49:28.0617 1896 ComputerName: DELL530
15:49:28.0617 1896 UserName: ThE MaInEvenTa
15:49:28.0617 1896 Windows directory: C:\Windows
15:49:28.0617 1896 System windows directory: C:\Windows
15:49:28.0617 1896 Running under WOW64
15:49:28.0617 1896 Processor architecture: Intel x64
15:49:28.0617 1896 Number of processors: 2
15:49:28.0617 1896 Page size: 0x1000
15:49:28.0617 1896 Boot type: Safe boot with network
15:49:28.0617 1896 ============================================================
15:49:29.0522 1896 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:29.0523 1896 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:29.0527 1896 ============================================================
15:49:29.0527 1896 \Device\Harddisk0\DR0:
15:49:29.0527 1896 MBR partitions:
15:49:29.0527 1896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
15:49:29.0527 1896 \Device\Harddisk1\DR1:
15:49:29.0527 1896 MBR partitions:
15:49:29.0527 1896 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9501800
15:49:29.0527 1896 ============================================================
15:49:29.0551 1896 C: <-> \Device\Harddisk0\DR0\Partition0
15:49:29.0552 1896 D: <-> \Device\Harddisk1\DR1\Partition0
15:49:29.0552 1896 ============================================================
15:49:29.0552 1896 Initialize success
15:49:29.0552 1896 ============================================================
15:49:48.0229 1320 ============================================================
15:49:48.0229 1320 Scan started
15:49:48.0229 1320 Mode: Manual; SigCheck; TDLFS;
15:49:48.0229 1320 ============================================================
15:49:48.0756 1320 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:49:48.0820 1320 1394ohci - ok
15:49:48.0850 1320 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:49:48.0867 1320 ACPI - ok
15:49:48.0878 1320 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:49:48.0893 1320 AcpiPmi - ok
15:49:48.0968 1320 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:49:48.0979 1320 AdobeARMservice - ok
15:49:49.0122 1320 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:49:49.0135 1320 AdobeFlashPlayerUpdateSvc - ok
15:49:49.0184 1320 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:49:49.0203 1320 adp94xx - ok
15:49:49.0252 1320 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:49:49.0268 1320 adpahci - ok
15:49:49.0289 1320 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:49:49.0302 1320 adpu320 - ok
15:49:49.0331 1320 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:49:49.0367 1320 AeLookupSvc - ok
15:49:49.0427 1320 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:49:49.0444 1320 AFD - ok
15:49:49.0459 1320 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:49:49.0472 1320 agp440 - ok
15:49:49.0493 1320 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:49:49.0506 1320 ALG - ok
15:49:49.0523 1320 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:49:49.0534 1320 aliide - ok
15:49:49.0544 1320 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:49:49.0555 1320 amdide - ok
15:49:49.0576 1320 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:49:49.0589 1320 AmdK8 - ok
15:49:49.0596 1320 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:49:49.0609 1320 AmdPPM - ok
15:49:49.0632 1320 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:49:49.0645 1320 amdsata - ok
15:49:49.0675 1320 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:49:49.0688 1320 amdsbs - ok
15:49:49.0700 1320 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:49:49.0712 1320 amdxata - ok
15:49:49.0720 1320 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:49:49.0754 1320 AppID - ok
15:49:49.0770 1320 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:49:49.0805 1320 AppIDSvc - ok
15:49:49.0828 1320 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:49:49.0861 1320 Appinfo - ok
15:49:49.0886 1320 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:49:49.0899 1320 AppMgmt - ok
15:49:49.0928 1320 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:49:49.0940 1320 arc - ok
15:49:49.0960 1320 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:49:49.0972 1320 arcsas - ok
15:49:49.0984 1320 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:49:50.0019 1320 AsyncMac - ok
15:49:50.0034 1320 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:49:50.0045 1320 atapi - ok
15:49:50.0107 1320 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:49:50.0148 1320 AudioEndpointBuilder - ok
15:49:50.0156 1320 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:49:50.0197 1320 AudioSrv - ok
15:49:50.0224 1320 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:49:50.0242 1320 AxInstSV - ok
15:49:50.0289 1320 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:49:50.0306 1320 b06bdrv - ok
15:49:50.0340 1320 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:49:50.0354 1320 b57nd60a - ok
15:49:50.0380 1320 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:49:50.0394 1320 BDESVC - ok
15:49:50.0406 1320 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:49:50.0441 1320 Beep - ok
15:49:50.0490 1320 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:49:50.0532 1320 BFE - ok
15:49:50.0608 1320 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:49:50.0651 1320 BITS - ok
15:49:50.0696 1320 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:49:50.0709 1320 blbdrive - ok
15:49:50.0746 1320 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:49:50.0758 1320 bowser - ok
15:49:50.0775 1320 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:49:50.0789 1320 BrFiltLo - ok
15:49:50.0794 1320 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:49:50.0810 1320 BrFiltUp - ok
15:49:50.0849 1320 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:49:50.0884 1320 Browser - ok
15:49:50.0916 1320 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:49:50.0931 1320 Brserid - ok
15:49:50.0939 1320 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:49:50.0954 1320 BrSerWdm - ok
15:49:50.0959 1320 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:49:50.0974 1320 BrUsbMdm - ok
15:49:50.0991 1320 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:49:51.0003 1320 BrUsbSer - ok
15:49:51.0012 1320 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:49:51.0028 1320 BTHMODEM - ok
15:49:51.0049 1320 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:49:51.0085 1320 bthserv - ok
15:49:51.0106 1320 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:49:51.0142 1320 cdfs - ok
15:49:51.0166 1320 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:49:51.0180 1320 cdrom - ok
15:49:51.0199 1320 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:49:51.0233 1320 CertPropSvc - ok
15:49:51.0253 1320 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:49:51.0268 1320 circlass - ok
15:49:51.0301 1320 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:49:51.0318 1320 CLFS - ok
15:49:51.0377 1320 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:49:51.0389 1320 clr_optimization_v2.0.50727_32 - ok
15:49:51.0430 1320 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:49:51.0441 1320 clr_optimization_v2.0.50727_64 - ok
15:49:51.0496 1320 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:49:51.0507 1320 clr_optimization_v4.0.30319_32 - ok
15:49:51.0537 1320 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:49:51.0548 1320 clr_optimization_v4.0.30319_64 - ok
15:49:51.0564 1320 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:49:51.0576 1320 CmBatt - ok
15:49:51.0586 1320 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:49:51.0598 1320 cmdide - ok
15:49:51.0657 1320 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:49:51.0682 1320 CNG - ok
15:49:51.0700 1320 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:49:51.0712 1320 Compbatt - ok
15:49:51.0728 1320 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:49:51.0743 1320 CompositeBus - ok
15:49:51.0748 1320 COMSysApp - ok
15:49:51.0767 1320 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:49:51.0778 1320 crcdisk - ok
15:49:51.0856 1320 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:49:51.0870 1320 CryptSvc - ok
15:49:51.0912 1320 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:49:51.0929 1320 CSC - ok
15:49:51.0985 1320 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:49:52.0005 1320 CscService - ok
15:49:52.0057 1320 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:49:52.0097 1320 DcomLaunch - ok
15:49:52.0130 1320 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:49:52.0168 1320 defragsvc - ok
15:49:52.0217 1320 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:49:52.0251 1320 DfsC - ok
15:49:52.0287 1320 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:49:52.0324 1320 Dhcp - ok
15:49:52.0337 1320 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:49:52.0371 1320 discache - ok
15:49:52.0390 1320 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:49:52.0402 1320 Disk - ok
15:49:52.0432 1320 DLABMFSE (ea30e307c7597cd63fd80789381aa7ee) C:\Windows\system32\Drivers\DLABMFSE.SYS
15:49:52.0445 1320 DLABMFSE - ok
15:49:52.0458 1320 DLABOIOE (1d393ba0b3e3cd9c104cb38ff72fbe95) C:\Windows\system32\Drivers\DLABOIOE.SYS
15:49:52.0466 1320 DLABOIOE - ok
15:49:52.0479 1320 DLACDBHE (2575c3ca7c51b9d14a3abfc622c9e6c7) C:\Windows\system32\Drivers\DLACDBHE.SYS
15:49:52.0486 1320 DLACDBHE - ok
15:49:52.0502 1320 DLADResE (5ddf633063ff1fee3dc0237080067e4a) C:\Windows\system32\Drivers\DLADResE.SYS
15:49:52.0510 1320 DLADResE - ok
15:49:52.0533 1320 DLAIFS_E (431f127d564abade3ac737b4575c6b9c) C:\Windows\system32\Drivers\DLAIFS_E.SYS
15:49:52.0542 1320 DLAIFS_E - ok
15:49:52.0557 1320 DLAOPIOE (ec379d9c31dd6597cfdf97db44c3b370) C:\Windows\system32\Drivers\DLAOPIOE.SYS
15:49:52.0566 1320 DLAOPIOE - ok
15:49:52.0582 1320 DLAPoolE (4f64a963e4213fc83943b8d6e6c4c5c6) C:\Windows\system32\Drivers\DLAPoolE.SYS
15:49:52.0589 1320 DLAPoolE - ok
15:49:52.0606 1320 DLARTL_E (6d818721dd4a5e86683cc4bc5fd447fb) C:\Windows\system32\Drivers\DLARTL_E.SYS
15:49:52.0615 1320 DLARTL_E - ok
15:49:52.0638 1320 DLAUDFAE (3adef2cf78438f74035f5d1248204124) C:\Windows\system32\Drivers\DLAUDFAE.SYS
15:49:52.0647 1320 DLAUDFAE - ok
15:49:52.0670 1320 DLAUDF_E (adf79d03473e320788ec0f2cff3091d4) C:\Windows\system32\Drivers\DLAUDF_E.SYS
15:49:52.0680 1320 DLAUDF_E - ok
15:49:52.0705 1320 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
15:49:52.0717 1320 dmvsc - ok
15:49:52.0751 1320 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:49:52.0764 1320 Dnscache - ok
15:49:52.0811 1320 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:49:52.0847 1320 dot3svc - ok
15:49:52.0874 1320 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:49:52.0910 1320 DPS - ok
15:49:52.0930 1320 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:49:52.0944 1320 drmkaud - ok
15:49:52.0970 1320 DRVECDB (0e0c5b8768cfb27a513fe8528a291ef9) C:\Windows\system32\Drivers\DRVECDB.SYS
15:49:52.0980 1320 DRVECDB - ok
15:49:52.0994 1320 DRVEDDM (fbf2605c90bd04c3b625a67961eeabb6) C:\Windows\system32\Drivers\DRVEDDM.SYS
15:49:53.0003 1320 DRVEDDM - ok
15:49:53.0134 1320 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:49:53.0160 1320 DXGKrnl - ok
15:49:53.0196 1320 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
15:49:53.0211 1320 e1express - ok
15:49:53.0239 1320 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:49:53.0276 1320 EapHost - ok
15:49:53.0489 1320 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:49:53.0537 1320 ebdrv - ok
15:49:53.0656 1320 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:49:53.0668 1320 EFS - ok
15:49:53.0751 1320 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:49:53.0773 1320 ehRecvr - ok
15:49:53.0792 1320 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:49:53.0806 1320 ehSched - ok
15:49:53.0886 1320 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:49:53.0905 1320 elxstor - ok
15:49:53.0919 1320 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:49:53.0931 1320 ErrDev - ok
15:49:53.0998 1320 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:49:54.0039 1320 EventSystem - ok
15:49:54.0068 1320 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:49:54.0104 1320 exfat - ok
15:49:54.0128 1320 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:49:54.0166 1320 fastfat - ok
15:49:54.0229 1320 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:49:54.0248 1320 Fax - ok
15:49:54.0264 1320 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:49:54.0276 1320 fdc - ok
15:49:54.0297 1320 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:49:54.0332 1320 fdPHost - ok
15:49:54.0348 1320 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:49:54.0383 1320 FDResPub - ok
15:49:54.0402 1320 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:49:54.0414 1320 FileInfo - ok
15:49:54.0430 1320 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:49:54.0465 1320 Filetrace - ok
15:49:54.0477 1320 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:49:54.0490 1320 flpydisk - ok
15:49:54.0531 1320 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:49:54.0546 1320 FltMgr - ok
15:49:54.0642 1320 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:49:54.0666 1320 FontCache - ok
15:49:54.0760 1320 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:49:54.0770 1320 FontCache3.0.0.0 - ok
15:49:54.0816 1320 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:49:54.0828 1320 FsDepends - ok
15:49:54.0859 1320 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:49:54.0870 1320 Fs_Rec - ok
15:49:54.0895 1320 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:49:54.0912 1320 fvevol - ok
15:49:54.0929 1320 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:49:54.0941 1320 gagp30kx - ok
15:49:55.0024 1320 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:49:55.0066 1320 gpsvc - ok
15:49:55.0123 1320 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:49:55.0133 1320 gupdate - ok
15:49:55.0138 1320 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:49:55.0148 1320 gupdatem - ok
15:49:55.0167 1320 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:49:55.0178 1320 hcw85cir - ok
15:49:55.0230 1320 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:49:55.0248 1320 HdAudAddService - ok
15:49:55.0277 1320 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:49:55.0292 1320 HDAudBus - ok
15:49:55.0309 1320 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:49:55.0321 1320 HidBatt - ok
15:49:55.0345 1320 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:49:55.0360 1320 HidBth - ok
15:49:55.0378 1320 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:49:55.0393 1320 HidIr - ok
15:49:55.0418 1320 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:49:55.0453 1320 hidserv - ok
15:49:55.0490 1320 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:49:55.0503 1320 HidUsb - ok
15:49:55.0537 1320 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:49:55.0571 1320 hkmsvc - ok
15:49:55.0601 1320 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:49:55.0615 1320 HomeGroupListener - ok
15:49:55.0651 1320 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:49:55.0665 1320 HomeGroupProvider - ok
15:49:55.0694 1320 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:49:55.0706 1320 HpSAMD - ok
15:49:55.0783 1320 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:49:55.0825 1320 HTTP - ok
15:49:55.0837 1320 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:49:55.0848 1320 hwpolicy - ok
15:49:55.0877 1320 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:49:55.0890 1320 i8042prt - ok
15:49:55.0944 1320 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:49:55.0961 1320 iaStorV - ok
15:49:56.0109 1320 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:49:56.0130 1320 idsvc - ok
15:49:56.0519 1320 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:49:56.0598 1320 igfx - ok
15:49:56.0738 1320 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:49:56.0749 1320 iirsp - ok
15:49:56.0829 1320 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:49:56.0871 1320 IKEEXT - ok
15:49:56.0891 1320 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:49:56.0902 1320 intelide - ok
15:49:56.0923 1320 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:49:56.0936 1320 intelppm - ok
15:49:56.0962 1320 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:49:56.0997 1320 IPBusEnum - ok
15:49:57.0026 1320 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:49:57.0059 1320 IpFilterDriver - ok
15:49:57.0119 1320 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:49:57.0159 1320 iphlpsvc - ok
15:49:57.0181 1320 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:49:57.0194 1320 IPMIDRV - ok
15:49:57.0215 1320 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:49:57.0250 1320 IPNAT - ok
15:49:57.0266 1320 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:49:57.0282 1320 IRENUM - ok
15:49:57.0295 1320 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:49:57.0306 1320 isapnp - ok
15:49:57.0347 1320 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:49:57.0362 1320 iScsiPrt - ok
15:49:57.0381 1320 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:49:57.0392 1320 kbdclass - ok
15:49:57.0428 1320 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:49:57.0440 1320 kbdhid - ok
15:49:57.0481 1320 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:49:57.0493 1320 KeyIso - ok
15:49:57.0517 1320 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:49:57.0529 1320 KSecDD - ok
15:49:57.0557 1320 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:49:57.0570 1320 KSecPkg - ok
15:49:57.0587 1320 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:49:57.0622 1320 ksthunk - ok
15:49:57.0671 1320 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:49:57.0709 1320 KtmRm - ok
15:49:57.0742 1320 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:49:57.0779 1320 LanmanServer - ok
15:49:57.0815 1320 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:49:57.0851 1320 LanmanWorkstation - ok
15:49:57.0871 1320 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:49:57.0907 1320 lltdio - ok
15:49:57.0948 1320 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:49:57.0986 1320 lltdsvc - ok
15:49:57.0997 1320 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:49:58.0033 1320 lmhosts - ok
15:49:58.0121 1320 LMIGuardianSvc (c834c08ab79c650cd9f1a45ab881f1b7) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
15:49:58.0135 1320 LMIGuardianSvc - ok
15:49:58.0152 1320 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
15:49:58.0161 1320 LMIInfo - ok
15:49:58.0185 1320 LMIMaint (e0eeab902836fce06852d2fa041759d4) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
15:49:58.0195 1320 LMIMaint - ok
15:49:58.0200 1320 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
15:49:58.0209 1320 lmimirr - ok
15:49:58.0213 1320 LMIRfsClientNP - ok
15:49:58.0230 1320 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
15:49:58.0238 1320 LMIRfsDriver - ok
15:49:58.0282 1320 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
15:49:58.0295 1320 LogMeIn - ok
15:49:58.0325 1320 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:49:58.0337 1320 LSI_FC - ok
15:49:58.0364 1320 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:49:58.0377 1320 LSI_SAS - ok
15:49:58.0400 1320 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:49:58.0411 1320 LSI_SAS2 - ok
15:49:58.0436 1320 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:49:58.0449 1320 LSI_SCSI - ok
15:49:58.0476 1320 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:49:58.0512 1320 luafv - ok
15:49:58.0541 1320 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:49:58.0554 1320 Mcx2Svc - ok
15:49:58.0577 1320 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:49:58.0588 1320 megasas - ok
15:49:58.0617 1320 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:49:58.0633 1320 MegaSR - ok
15:49:58.0694 1320 Microsoft SharePoint Workspace Audit Service - ok
15:49:58.0720 1320 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:49:58.0756 1320 MMCSS - ok
15:49:58.0772 1320 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:49:58.0807 1320 Modem - ok
15:49:58.0828 1320 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:49:58.0843 1320 monitor - ok
15:49:58.0883 1320 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:49:58.0894 1320 mouclass - ok
15:49:58.0907 1320 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:49:58.0919 1320 mouhid - ok
15:49:58.0940 1320 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:49:58.0952 1320 mountmgr - ok
15:49:59.0001 1320 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
15:49:59.0018 1320 MpFilter - ok
15:49:59.0041 1320 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:49:59.0055 1320 mpio - ok
15:49:59.0082 1320 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:49:59.0117 1320 mpsdrv - ok
15:49:59.0193 1320 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:49:59.0236 1320 MpsSvc - ok
15:49:59.0263 1320 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:49:59.0281 1320 MRxDAV - ok
15:49:59.0313 1320 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:49:59.0326 1320 mrxsmb - ok
15:49:59.0358 1320 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:49:59.0372 1320 mrxsmb10 - ok
15:49:59.0395 1320 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:49:59.0408 1320 mrxsmb20 - ok
15:49:59.0430 1320 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:49:59.0442 1320 msahci - ok
15:49:59.0530 1320 MSCamSvc (41fb1d61df09c36ccab0b04eec66f6d5) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
15:49:59.0541 1320 MSCamSvc - ok
15:49:59.0567 1320 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:49:59.0580 1320 msdsm - ok
15:49:59.0614 1320 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:49:59.0628 1320 MSDTC - ok
15:49:59.0644 1320 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:49:59.0678 1320 Msfs - ok
15:49:59.0692 1320 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:49:59.0726 1320 mshidkmdf - ok
15:49:59.0771 1320 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
15:49:59.0781 1320 MSHUSBVideo - ok
15:49:59.0795 1320 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:49:59.0806 1320 msisadrv - ok
15:49:59.0837 1320 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:49:59.0873 1320 MSiSCSI - ok
15:49:59.0878 1320 msiserver - ok
15:49:59.0900 1320 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:49:59.0935 1320 MSKSSRV - ok
15:50:00.0010 1320 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:50:00.0022 1320 MsMpSvc - ok
15:50:00.0036 1320 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:50:00.0070 1320 MSPCLOCK - ok
15:50:00.0074 1320 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:50:00.0110 1320 MSPQM - ok
15:50:00.0148 1320 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:50:00.0164 1320 MsRPC - ok
15:50:00.0179 1320 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:50:00.0190 1320 mssmbios - ok
15:50:00.0203 1320 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:50:00.0237 1320 MSTEE - ok
15:50:00.0260 1320 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:50:00.0272 1320 MTConfig - ok
15:50:00.0294 1320 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:50:00.0306 1320 Mup - ok
15:50:00.0361 1320 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:50:00.0400 1320 napagent - ok
15:50:00.0438 1320 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:50:00.0458 1320 NativeWifiP - ok
15:50:00.0531 1320 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:50:00.0557 1320 NDIS - ok
15:50:00.0576 1320 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:50:00.0611 1320 NdisCap - ok
15:50:00.0629 1320 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:50:00.0663 1320 NdisTapi - ok
15:50:00.0679 1320 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:50:00.0713 1320 Ndisuio - ok
15:50:00.0740 1320 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:50:00.0775 1320 NdisWan - ok
15:50:00.0788 1320 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:50:00.0821 1320 NDProxy - ok
15:50:00.0840 1320 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:50:00.0874 1320 NetBIOS - ok
15:50:00.0902 1320 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:50:00.0937 1320 NetBT - ok
15:50:00.0980 1320 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:00.0992 1320 Netlogon - ok
15:50:01.0036 1320 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:50:01.0074 1320 Netman - ok
15:50:01.0114 1320 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:50:01.0154 1320 netprofm - ok
15:50:01.0248 1320 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:50:01.0258 1320 NetTcpPortSharing - ok
15:50:01.0302 1320 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:50:01.0314 1320 nfrd960 - ok
15:50:01.0357 1320 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:50:01.0368 1320 NisDrv - ok
15:50:01.0462 1320 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
15:50:01.0481 1320 NisSrv - ok
15:50:01.0524 1320 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:50:01.0562 1320 NlaSvc - ok
15:50:01.0577 1320 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:50:01.0612 1320 Npfs - ok
15:50:01.0633 1320 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:50:01.0668 1320 nsi - ok
15:50:01.0694 1320 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:50:01.0728 1320 nsiproxy - ok
15:50:01.0851 1320 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:50:01.0887 1320 Ntfs - ok
15:50:01.0994 1320 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:50:02.0028 1320 Null - ok
15:50:02.0062 1320 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:50:02.0075 1320 nvraid - ok
15:50:02.0110 1320 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:50:02.0123 1320 nvstor - ok
15:50:02.0147 1320 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:50:02.0160 1320 nv_agp - ok
15:50:02.0177 1320 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:50:02.0191 1320 ohci1394 - ok
15:50:02.0243 1320 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:50:02.0253 1320 ose - ok
15:50:02.0600 1320 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:50:02.0686 1320 osppsvc - ok
15:50:02.0830 1320 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:02.0846 1320 p2pimsvc - ok
15:50:02.0891 1320 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:50:02.0907 1320 p2psvc - ok
15:50:02.0983 1320 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:50:02.0996 1320 Parport - ok
15:50:03.0037 1320 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:50:03.0049 1320 partmgr - ok
15:50:03.0075 1320 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:50:03.0094 1320 PcaSvc - ok
15:50:03.0120 1320 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:50:03.0134 1320 pci - ok
15:50:03.0150 1320 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:50:03.0161 1320 pciide - ok
15:50:03.0200 1320 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:50:03.0214 1320 pcmcia - ok
15:50:03.0231 1320 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:50:03.0243 1320 pcw - ok
15:50:03.0298 1320 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:50:03.0340 1320 PEAUTH - ok
15:50:03.0442 1320 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:50:03.0470 1320 PeerDistSvc - ok
15:50:03.0540 1320 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:50:03.0553 1320 PerfHost - ok
15:50:03.0727 1320 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:50:03.0775 1320 pla - ok
15:50:03.0827 1320 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:50:03.0844 1320 PlugPlay - ok
15:50:03.0860 1320 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:50:03.0872 1320 PNRPAutoReg - ok
15:50:03.0908 1320 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:03.0924 1320 PNRPsvc - ok
15:50:03.0976 1320 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:50:04.0014 1320 PolicyAgent - ok
15:50:04.0048 1320 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:50:04.0086 1320 Power - ok
15:50:04.0142 1320 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:50:04.0176 1320 PptpMiniport - ok
15:50:04.0196 1320 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:50:04.0208 1320 Processor - ok
15:50:04.0258 1320 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:50:04.0272 1320 ProfSvc - ok
15:50:04.0312 1320 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:04.0324 1320 ProtectedStorage - ok
15:50:04.0346 1320 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:50:04.0380 1320 Psched - ok
15:50:04.0413 1320 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\Windows\system32\Drivers\PxHlpa64.sys
15:50:04.0421 1320 PxHlpa64 - ok
15:50:04.0532 1320 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:50:04.0568 1320 ql2300 - ok
15:50:04.0696 1320 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:50:04.0709 1320 ql40xx - ok
15:50:04.0747 1320 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:50:04.0767 1320 QWAVE - ok
15:50:04.0793 1320 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:50:04.0811 1320 QWAVEdrv - ok
15:50:04.0825 1320 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:50:04.0859 1320 RasAcd - ok
15:50:04.0886 1320 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:50:04.0920 1320 RasAgileVpn - ok
15:50:04.0947 1320 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:50:04.0983 1320 RasAuto - ok
15:50:05.0009 1320 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:50:05.0044 1320 Rasl2tp - ok
15:50:05.0083 1320 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:50:05.0121 1320 RasMan - ok
15:50:05.0139 1320 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:50:05.0174 1320 RasPppoe - ok
15:50:05.0195 1320 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:50:05.0231 1320 RasSstp - ok
15:50:05.0262 1320 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:50:05.0298 1320 rdbss - ok
15:50:05.0315 1320 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:50:05.0330 1320 rdpbus - ok
15:50:05.0339 1320 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:50:05.0374 1320 RDPCDD - ok
15:50:05.0401 1320 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:50:05.0414 1320 RDPDR - ok
15:50:05.0433 1320 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:50:05.0467 1320 RDPENCDD - ok
15:50:05.0479 1320 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:50:05.0514 1320 RDPREFMP - ok
15:50:05.0551 1320 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
15:50:05.0563 1320 RdpVideoMiniport - ok
15:50:05.0603 1320 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:50:05.0616 1320 RDPWD - ok
15:50:05.0644 1320 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:50:05.0658 1320 rdyboost - ok
15:50:05.0710 1320 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:50:05.0746 1320 RemoteAccess - ok
15:50:05.0785 1320 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:50:05.0823 1320 RemoteRegistry - ok
15:50:05.0840 1320 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:50:05.0876 1320 RpcEptMapper - ok
15:50:05.0907 1320 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:50:05.0920 1320 RpcLocator - ok
15:50:05.0976 1320 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:50:06.0015 1320 RpcSs - ok
15:50:06.0040 1320 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:50:06.0076 1320 rspndr - ok
15:50:06.0092 1320 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:50:06.0104 1320 s3cap - ok
15:50:06.0142 1320 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:06.0154 1320 SamSs - ok
15:50:06.0182 1320 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:50:06.0194 1320 sbp2port - ok
15:50:06.0232 1320 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:50:06.0270 1320 SCardSvr - ok
15:50:06.0291 1320 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:50:06.0325 1320 scfilter - ok
15:50:06.0400 1320 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:50:06.0446 1320 Schedule - ok
15:50:06.0474 1320 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:50:06.0508 1320 SCPolicySvc - ok
15:50:06.0532 1320 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:50:06.0546 1320 SDRSVC - ok
15:50:06.0590 1320 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:50:06.0624 1320 secdrv - ok
15:50:06.0638 1320 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:50:06.0672 1320 seclogon - ok
15:50:06.0696 1320 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:50:06.0732 1320 SENS - ok
15:50:06.0756 1320 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:50:06.0768 1320 SensrSvc - ok
15:50:06.0780 1320 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:50:06.0793 1320 Serenum - ok
15:50:06.0814 1320 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:50:06.0827 1320 Serial - ok
15:50:06.0833 1320 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:50:06.0846 1320 sermouse - ok
15:50:06.0879 1320 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:50:06.0914 1320 SessionEnv - ok
15:50:06.0936 1320 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:50:06.0950 1320 sffdisk - ok
15:50:06.0957 1320 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:50:06.0973 1320 sffp_mmc - ok
15:50:06.0978 1320 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:50:06.0994 1320 sffp_sd - ok
15:50:07.0009 1320 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:50:07.0021 1320 sfloppy - ok
15:50:07.0079 1320 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:50:07.0117 1320 SharedAccess - ok
15:50:07.0176 1320 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:50:07.0213 1320 ShellHWDetection - ok
15:50:07.0234 1320 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:50:07.0245 1320 SiSRaid2 - ok
15:50:07.0270 1320 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:50:07.0282 1320 SiSRaid4 - ok
15:50:07.0535 1320 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:50:07.0589 1320 Skype C2C Service - ok
15:50:07.0636 1320 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:50:07.0646 1320 SkypeUpdate - ok
15:50:07.0767 1320 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:50:07.0802 1320 Smb - ok
15:50:07.0829 1320 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:50:07.0843 1320 SNMPTRAP - ok
15:50:07.0854 1320 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:50:07.0865 1320 spldr - ok
15:50:07.0918 1320 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:50:07.0958 1320 Spooler - ok
15:50:08.0197 1320 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:50:08.0269 1320 sppsvc - ok
15:50:08.0362 1320 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:50:08.0398 1320 sppuinotify - ok
15:50:08.0466 1320 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:50:08.0482 1320 srv - ok
15:50:08.0526 1320 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:50:08.0541 1320 srv2 - ok
15:50:08.0570 1320 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:50:08.0583 1320 srvnet - ok
15:50:08.0615 1320 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:50:08.0652 1320 SSDPSRV - ok
15:50:08.0694 1320 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:50:08.0730 1320 SstpSvc - ok
15:50:08.0764 1320 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:50:08.0775 1320 stexstor - ok
15:50:08.0829 1320 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:50:08.0853 1320 stisvc - ok
15:50:08.0905 1320 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:50:08.0909 1320 stllssvr ( UnsignedFile.Multi.Generic ) - warning
15:50:08.0909 1320 stllssvr - detected UnsignedFile.Multi.Generic (1)
15:50:08.0931 1320 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:50:08.0943 1320 storflt - ok
15:50:08.0974 1320 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:50:08.0986 1320 StorSvc - ok
15:50:09.0005 1320 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:50:09.0017 1320 storvsc - ok
15:50:09.0029 1320 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:50:09.0041 1320 swenum - ok
15:50:09.0091 1320 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:50:09.0132 1320 swprv - ok
15:50:09.0155 1320 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
15:50:09.0167 1320 Synth3dVsc - ok
15:50:09.0281 1320 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:50:09.0318 1320 SysMain - ok
15:50:09.0413 1320 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:50:09.0432 1320 TabletInputService - ok
15:50:09.0476 1320 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:50:09.0514 1320 TapiSrv - ok
15:50:09.0535 1320 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:50:09.0571 1320 TBS - ok
15:50:09.0743 1320 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:50:09.0783 1320 Tcpip - ok
15:50:09.0997 1320 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:50:10.0037 1320 TCPIP6 - ok
15:50:10.0137 1320 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:50:10.0178 1320 tcpipreg - ok
15:50:10.0194 1320 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:50:10.0205 1320 TDPIPE - ok
15:50:10.0223 1320 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:50:10.0234 1320 TDTCP - ok
15:50:10.0264 1320 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:50:10.0298 1320 tdx - ok
15:50:10.0545 1320 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:50:10.0598 1320 TeamViewer7 - ok
15:50:10.0722 1320 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:50:10.0733 1320 TermDD - ok
15:50:10.0747 1320 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
15:50:10.0759 1320 terminpt - ok
15:50:10.0829 1320 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:50:10.0870 1320 TermService - ok
15:50:10.0908 1320 TfFsMon (fa5bfb71e561d279edae7e118435c1c9) C:\Windows\system32\drivers\TfFsMon.sys
15:50:10.0917 1320 TfFsMon - ok
15:50:10.0936 1320 TfNetMon (fa8400d74345ec4bf10e476ca0aaa2df) C:\Windows\system32\drivers\TfNetMon.sys
15:50:10.0944 1320 TfNetMon - ok
15:50:10.0968 1320 TfSysMon (f11aa1a704a4c027e5e8e0f355523834) C:\Windows\system32\drivers\TfSysMon.sys
15:50:10.0977 1320 TfSysMon - ok
15:50:10.0994 1320 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:50:11.0012 1320 Themes - ok
15:50:11.0040 1320 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:50:11.0076 1320 THREADORDER - ok
15:50:11.0093 1320 ThreatFire - ok
15:50:11.0123 1320 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:50:11.0159 1320 TrkWks - ok
15:50:11.0216 1320 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:50:11.0250 1320 TrustedInstaller - ok
15:50:11.0276 1320 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:50:11.0309 1320 tssecsrv - ok
15:50:11.0328 1320 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:50:11.0339 1320 TsUsbFlt - ok
15:50:11.0346 1320 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:50:11.0358 1320 TsUsbGD - ok
15:50:11.0377 1320 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
15:50:11.0389 1320 tsusbhub - ok
15:50:11.0408 1320 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:50:11.0442 1320 tunnel - ok
15:50:11.0453 1320 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:50:11.0466 1320 uagp35 - ok
15:50:11.0501 1320 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:50:11.0537 1320 udfs - ok
15:50:11.0567 1320 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:50:11.0581 1320 UI0Detect - ok
15:50:11.0603 1320 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:50:11.0615 1320 uliagpkx - ok
15:50:11.0630 1320 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:50:11.0642 1320 umbus - ok
15:50:11.0647 1320 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:50:11.0660 1320 UmPass - ok
15:50:11.0695 1320 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:50:11.0709 1320 UmRdpService - ok
15:50:11.0748 1320 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:50:11.0787 1320 upnphost - ok
15:50:11.0832 1320 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:50:11.0847 1320 usbaudio - ok
15:50:11.0877 1320 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:50:11.0889 1320 usbccgp - ok
15:50:11.0915 1320 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:50:11.0930 1320 usbcir - ok
15:50:11.0959 1320 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:50:11.0970 1320 usbehci - ok
15:50:12.0010 1320 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:50:12.0024 1320 usbhub - ok
15:50:12.0046 1320 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:50:12.0057 1320 usbohci - ok
15:50:12.0076 1320 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:50:12.0092 1320 usbprint - ok
15:50:12.0110 1320 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:50:12.0122 1320 USBSTOR - ok
15:50:12.0142 1320 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:50:12.0153 1320 usbuhci - ok
15:50:12.0207 1320 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:50:12.0224 1320 usbvideo - ok
15:50:12.0250 1320 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:50:12.0286 1320 UxSms - ok
15:50:12.0305 1320 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:12.0317 1320 VaultSvc - ok
15:50:12.0336 1320 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:50:12.0347 1320 vdrvroot - ok
15:50:12.0403 1320 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:50:12.0443 1320 vds - ok
15:50:12.0460 1320 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:50:12.0475 1320 vga - ok
15:50:12.0492 1320 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:50:12.0526 1320 VgaSave - ok
15:50:12.0531 1320 VGPU - ok
15:50:12.0554 1320 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:50:12.0568 1320 vhdmp - ok
15:50:12.0580 1320 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:50:12.0592 1320 viaide - ok
15:50:12.0622 1320 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:50:12.0636 1320 vmbus - ok
15:50:12.0649 1320 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:50:12.0660 1320 VMBusHID - ok
15:50:12.0687 1320 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:50:12.0699 1320 volmgr - ok
15:50:12.0733 1320 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:50:12.0749 1320 volmgrx - ok
15:50:12.0783 1320 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:50:12.0799 1320 volsnap - ok
15:50:12.0836 1320 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:50:12.0850 1320 vsmraid - ok
15:50:12.0969 1320 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:50:13.0020 1320 VSS - ok
15:50:13.0166 1320 VST64HWBS2 (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
15:50:13.0182 1320 VST64HWBS2 - ok
15:50:13.0275 1320 VST64_DPV (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:50:13.0303 1320 VST64_DPV - ok
15:50:13.0400 1320 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:50:13.0415 1320 vwifibus - ok
15:50:13.0461 1320 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:50:13.0502 1320 W32Time - ok
15:50:13.0519 1320 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:50:13.0531 1320 WacomPen - ok
15:50:13.0559 1320 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:13.0593 1320 WANARP - ok
15:50:13.0597 1320 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:13.0632 1320 Wanarpv6 - ok
15:50:13.0731 1320 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:50:13.0760 1320 WatAdminSvc - ok
15:50:13.0876 1320 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:50:13.0905 1320 wbengine - ok
15:50:14.0016 1320 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:50:14.0035 1320 WbioSrvc - ok
15:50:14.0077 1320 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:50:14.0099 1320 wcncsvc - ok
15:50:14.0119 1320 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:50:14.0132 1320 WcsPlugInService - ok
15:50:14.0172 1320 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:50:14.0184 1320 Wd - ok
15:50:14.0235 1320 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:50:14.0256 1320 Wdf01000 - ok
15:50:14.0275 1320 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:50:14.0293 1320 WdiServiceHost - ok
15:50:14.0297 1320 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:50:14.0317 1320 WdiSystemHost - ok
15:50:14.0345 1320 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:50:14.0366 1320 WebClient - ok
15:50:14.0394 1320 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:50:14.0432 1320 Wecsvc - ok
15:50:14.0447 1320 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:50:14.0484 1320 wercplsupport - ok
15:50:14.0505 1320 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:50:14.0541 1320 WerSvc - ok
15:50:14.0585 1320 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:50:14.0620 1320 WfpLwf - ok
15:50:14.0639 1320 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:50:14.0650 1320 WIMMount - ok
15:50:14.0715 1320 winachsf (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:50:14.0735 1320 winachsf - ok
15:50:14.0776 1320 WinDefend - ok
15:50:14.0790 1320 WinHttpAutoProxySvc - ok
15:50:14.0848 1320 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:50:14.0884 1320 Winmgmt - ok
15:50:15.0039 1320 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:50:15.0096 1320 WinRM - ok
15:50:15.0252 1320 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:50:15.0280 1320 Wlansvc - ok
15:50:15.0327 1320 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:50:15.0339 1320 WmiAcpi - ok
15:50:15.0410 1320 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:50:15.0424 1320 wmiApSrv - ok
15:50:15.0475 1320 WMPNetworkSvc - ok
15:50:15.0496 1320 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:50:15.0508 1320 WPCSvc - ok
15:50:15.0531 1320 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:50:15.0547 1320 WPDBusEnum - ok
15:50:15.0562 1320 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:50:15.0597 1320 ws2ifsl - ok
15:50:15.0620 1320 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:50:15.0638 1320 wscsvc - ok
15:50:15.0643 1320 WSearch - ok
15:50:15.0832 1320 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:50:15.0879 1320 wuauserv - ok
15:50:16.0049 1320 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:50:16.0083 1320 WudfPf - ok
15:50:16.0115 1320 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:50:16.0150 1320 WUDFRd - ok
15:50:16.0189 1320 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:50:16.0224 1320 wudfsvc - ok
15:50:16.0274 1320 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:50:16.0294 1320 WwanSvc - ok
15:50:16.0451 1320 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
15:50:16.0468 1320 YahooAUService - ok
15:50:16.0484 1320 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:50:16.0833 1320 \Device\Harddisk0\DR0 - ok
15:50:16.0838 1320 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
15:50:16.0856 1320 \Device\Harddisk1\DR1 - ok
15:50:16.0859 1320 Boot (0x1200) (8dafa6a03e8266ebe4abd93eb20a9eed) \Device\Harddisk0\DR0\Partition0
15:50:16.0861 1320 \Device\Harddisk0\DR0\Partition0 - ok
15:50:16.0866 1320 Boot (0x1200) (1694924bf854a9d4fba0e457a98602d2) \Device\Harddisk1\DR1\Partition0
15:50:16.0867 1320 \Device\Harddisk1\DR1\Partition0 - ok
15:50:16.0869 1320 ============================================================
15:50:16.0869 1320 Scan finished
15:50:16.0869 1320 ============================================================
15:50:16.0882 0812 Detected object count: 1
15:50:16.0882 0812 Actual detected object count: 1
15:50:27.0668 0812 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:27.0668 0812 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

[Essexboy]

I can see no sign of alureon is it still being reported ?