Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware: Advanced System Protector and RegCleaner Pro [Solved]


  • This topic is locked This topic is locked

#1
btaylor89

btaylor89

    New Member

  • Member
  • Pip
  • 5 posts
Keep getting pop ups of the program on start up, usual spyware stuff asking my to purchase licence cause it finds million and one viruses or reg keys that are broken. Don't know how I come across this, help is much appreciated as I don't want to resort to a full nuke.

Thanks

OTL logfile created on: 21/01/2013 11:59:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ben\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.74 Gb Available Physical Memory | 71.78% Memory free
16.00 Gb Paging File | 13.23 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 297.83 Gb Free Space | 31.98% Space Free | Partition Type: NTFS
Drive E: | 3.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/21 11:59:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
PRC - [2013/01/02 12:31:00 | 000,142,776 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Purplizer.exe
PRC - [2013/01/02 12:30:54 | 000,035,256 | ---- | M] (Overwolf) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/20 17:52:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/19 14:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\VaudiX\VaudiX.exe
PRC - [2012/08/09 22:43:02 | 000,316,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/07/17 10:36:10 | 000,143,360 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWOW64\UAService7.exe
PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/04/04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/22 09:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/10 12:07:08 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2024a7339aa5ad2712d239d454d3c355\System.Management.ni.dll
MOD - [2013/01/10 12:05:24 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\22c60ca3c2b18e041ebff2578c90cba3\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/10 12:05:24 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll
MOD - [2013/01/10 12:05:23 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll
MOD - [2013/01/10 12:05:22 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\84068bac0b3859c94652214e0b90dfc6\System.Xml.Linq.ni.dll
MOD - [2013/01/10 12:04:59 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/01/10 12:03:59 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\1149dca3c109f46c30cf25cb34873dd4\System.AddIn.ni.dll
MOD - [2013/01/10 12:03:59 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\4e9a3b9427dae6b94cb5ae1d134282ac\System.AddIn.Contract.ni.dll
MOD - [2013/01/10 12:03:34 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/09 23:48:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 23:48:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/09 23:47:50 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 23:47:50 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/09 23:47:50 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.Wrapper.dll
MOD - [2013/01/09 23:47:49 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll
MOD - [2013/01/09 23:47:42 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/09 23:47:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 23:47:25 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 23:47:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/01/09 23:47:22 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/09 23:47:14 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 23:47:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 23:47:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 23:47:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 23:47:01 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 09:01:49 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll
MOD - [2013/01/09 09:01:38 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll
MOD - [2013/01/09 09:01:36 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\08fca556cf3fe582233fa080cdbec8f1\System.Windows.Forms.ni.dll
MOD - [2013/01/09 09:01:33 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll
MOD - [2013/01/09 09:01:30 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/09 09:01:30 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll
MOD - [2013/01/09 09:01:28 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/09 09:01:28 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll
MOD - [2013/01/09 09:01:28 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7d6b122bee0977d953ee2409d74c3c25\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 09:01:27 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/09 09:01:22 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2013/01/08 00:06:22 | 000,460,392 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/08 00:06:21 | 012,459,624 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/08 00:06:19 | 004,012,648 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/08 00:05:29 | 000,598,120 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/08 00:05:28 | 000,124,520 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/08 00:05:25 | 001,553,000 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2013/01/02 12:31:10 | 000,633,784 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWServer.dll
MOD - [2013/01/02 12:31:10 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Overwolf\BrowserWindow.dll
MOD - [2013/01/02 12:31:10 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll
MOD - [2013/01/02 12:31:08 | 000,323,844 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libjabber.dll
MOD - [2013/01/02 12:31:08 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libfontconfig-1.dll
MOD - [2013/01/02 12:31:08 | 000,190,138 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libymsg.dll
MOD - [2013/01/02 12:31:08 | 000,118,712 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWService.dll
MOD - [2013/01/02 12:31:08 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libpangocairo-1.0-0.dll
MOD - [2013/01/02 12:31:08 | 000,083,896 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
MOD - [2013/01/02 12:31:08 | 000,037,304 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWInjector.dll
MOD - [2013/01/02 12:31:06 | 016,246,200 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
MOD - [2013/01/02 12:31:04 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libxml2-2.dll
MOD - [2013/01/02 12:31:04 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libpng14-14.dll
MOD - [2013/01/02 12:31:04 | 000,077,240 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorer-10615.dll
MOD - [2013/01/02 12:31:04 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Overwolf\SteamAPI.dll
MOD - [2013/01/02 12:31:02 | 000,402,360 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWAgent.dll
MOD - [2013/01/02 12:31:02 | 000,301,681 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\libmsn.dll
MOD - [2013/01/02 12:31:02 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Overwolf\CoreAudioApi.dll
MOD - [2013/01/02 12:31:00 | 000,142,776 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Purplizer.exe
MOD - [2013/01/02 12:31:00 | 000,018,706 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\ssl-nss.dll
MOD - [2013/01/02 12:30:56 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libexpat-1.dll
MOD - [2013/01/02 12:30:56 | 000,006,526 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\ssl.dll
MOD - [2013/01/02 12:30:54 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libcairo-2.dll
MOD - [2013/01/02 12:30:54 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\freetype6.dll
MOD - [2013/01/02 12:30:54 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\sqlite3.dll
MOD - [2013/01/02 12:30:54 | 000,037,304 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWLog.dll
MOD - [2013/01/02 12:30:54 | 000,016,330 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\libyahoo.dll
MOD - [2013/01/02 12:30:50 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libgio-2.0-0.dll
MOD - [2013/01/02 12:30:50 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\zlib1.dll
MOD - [2013/01/02 12:30:50 | 000,016,371 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\libxmpp.dll
MOD - [2012/10/03 17:39:00 | 000,355,328 | ---- | M] () -- c:\Program Files (x86)\VaudiX\sprotector.dll
MOD - [2012/07/31 12:04:07 | 000,112,318 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
MOD - [2012/01/04 02:50:53 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
MOD - [2011/02/16 12:38:44 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
MOD - [2010/11/21 03:24:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
MOD - [2010/11/21 03:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/21 03:24:07 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/07/14 01:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/10 21:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/02 12:30:50 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/11/15 14:55:34 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/20 17:52:00 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/17 10:36:10 | 000,143,360 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\Windows\SysWOW64\UAService7.exe -- (UserAccess7)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/23 11:28:32 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/09/22 18:55:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/31 08:22:06 | 000,026,112 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2012/07/31 08:22:04 | 000,022,528 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2012/07/31 08:22:00 | 000,105,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/07/31 08:21:58 | 000,021,504 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2012/05/14 06:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/03/26 13:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/09 09:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 03:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 03:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/12 08:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/01 10:04:54 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/07/23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 76 63 B6 80 50 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=1.0.6: C:\Users\Ben\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Ben\AppData\Roaming\TorrentStream\extensions\firefox\[email protected] [2013/01/19 16:03:38 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - Extension: No name found = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\
CHR - Extension: No name found = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgiboeohbaiebcfikafjkakabkahepg\1.3_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Vaudix Class) - {504B410B-2B08-98AE-E2D8-55FEFDF8D59D} - C:\ProgramData\Vaudix\50a010bf072b3.ocx ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BAAE1D2-A7BC-4A4C-BEE1-C13CBD6B8F41}: DhcpNameServer = 88.82.13.60 88.82.13.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4DE073-7857-4CEE-8438-B3B5E3DB2E3B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\vaudix\sprote~1.dll) - c:\Program Files (x86)\VaudiX\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/20 07:26:12 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f9354f40-0571-11e2-8b5d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9354f40-0571-11e2-8b5d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/11/20 07:27:51 | 000,664,891 | R--- | M] ( )
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/11/20 07:27:51 | 000,664,891 | R--- | M] ( )
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 11:59:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2013/01/21 11:50:45 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/01/21 11:50:45 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/01/21 11:50:45 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/01/21 11:50:45 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/01/21 11:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Clean Pro Removal Tool
[2013/01/21 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reg Clean Pro Removal Tool
[2013/01/20 15:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs
[2013/01/19 17:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Programs
[2013/01/19 17:53:30 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Malwarebytes
[2013/01/19 17:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/19 17:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/19 17:53:23 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/19 17:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/19 15:15:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\.Torrent Stream
[2013/01/19 15:15:25 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Stream
[2013/01/19 15:15:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\TorrentStream
[2013/01/19 15:15:01 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\TorrentStream[wiziwig mirror]
[2013/01/19 00:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/01/19 00:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/01/19 00:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2013/01/19 00:31:23 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Systweak
[2013/01/19 00:31:22 | 000,019,896 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/01/19 00:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/01/19 00:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2013/01/18 16:45:35 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Realtek_LAN_V5790_V752_XPWin7
[2013/01/13 22:19:58 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\New folder
[2013/01/13 18:58:05 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Purplizer
[2013/01/07 19:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf
[2012/12/31 13:16:53 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\My Curse
[2012/12/31 13:16:43 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/12/23 19:29:54 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\fltk.org
[2012/12/23 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Playstation Emulator
[2012/12/22 22:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sonic Adventure 2
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/21 11:59:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2013/01/21 11:50:45 | 000,001,938 | ---- | M] () -- C:\Users\Ben\Desktop\Reg Clean Pro Removal Tool.lnk
[2013/01/21 11:47:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3881410413-1527467530-2302416625-1000UA.job
[2013/01/21 11:43:20 | 000,000,366 | -H-- | M] () -- C:\Windows\tasks\VaudiXUpdaterTask{5B681784-2C68-41B0-A3FD-832CC629BDA0}.job
[2013/01/21 11:42:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/21 11:42:45 | 2146,275,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/20 18:19:58 | 000,000,219 | ---- | M] () -- C:\Users\Ben\Desktop\Dota 2.url
[2013/01/20 16:49:18 | 000,231,981 | ---- | M] () -- C:\Users\Ben\Desktop\Rw.ini
[2013/01/20 15:02:12 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/01/19 17:54:24 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 15:15:25 | 000,001,995 | ---- | M] () -- C:\Users\Ben\Desktop\TS Player.lnk
[2013/01/19 14:50:21 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/01/19 02:01:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3881410413-1527467530-2302416625-1000Core.job
[2013/01/18 01:12:18 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 01:12:18 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 04:39:18 | 000,056,127 | ---- | M] () -- C:\Users\Ben\Desktop\jvdto.jpg
[2013/01/16 04:27:15 | 089,674,187 | ---- | M] () -- C:\Users\Ben\Desktop\Tgh.mp3
[2013/01/11 21:49:51 | 000,002,356 | ---- | M] () -- C:\Users\Ben\Desktop\Google Chrome.lnk
[2013/01/09 23:46:17 | 004,916,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 09:02:34 | 000,777,586 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 09:02:34 | 000,660,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 09:02:34 | 000,124,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 09:02:23 | 000,777,586 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/31 13:16:52 | 000,000,000 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/12/31 13:16:43 | 000,000,318 | ---- | M] () -- C:\Users\Ben\Desktop\Curse Client.appref-ms
[2012/12/22 22:47:14 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Sonic Adventure 2.lnk
[2012/12/22 13:53:33 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\Tony Hawks Pro Skater HD.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/21 11:50:45 | 000,001,938 | ---- | C] () -- C:\Users\Ben\Desktop\Reg Clean Pro Removal Tool.lnk
[2013/01/20 18:19:58 | 000,000,219 | ---- | C] () -- C:\Users\Ben\Desktop\Dota 2.url
[2013/01/19 17:53:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 15:15:25 | 000,001,995 | ---- | C] () -- C:\Users\Ben\Desktop\TS Player.lnk
[2013/01/19 00:31:34 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2013/01/19 00:31:30 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/01/19 00:31:29 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/01/16 04:39:17 | 000,056,127 | ---- | C] () -- C:\Users\Ben\Desktop\jvdto.jpg
[2013/01/16 03:24:56 | 089,674,187 | ---- | C] () -- C:\Users\Ben\Desktop\Tgh.mp3
[2012/12/31 13:16:52 | 000,000,000 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/12/31 13:16:43 | 000,000,318 | ---- | C] () -- C:\Users\Ben\Desktop\Curse Client.appref-ms
[2012/12/22 22:47:14 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Sonic Adventure 2.lnk
[2012/12/22 22:47:13 | 000,001,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Adventure 2.lnk
[2012/12/22 13:53:33 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\Tony Hawks Pro Skater HD.lnk
[2012/10/28 15:58:39 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/20 13:52:14 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2012/09/20 13:52:11 | 000,000,336 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2012/09/20 13:51:59 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2012/09/20 13:51:59 | 000,001,337 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012/08/15 15:56:45 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/07/17 19:15:49 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/17 09:28:05 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/07/05 20:16:09 | 000,000,043 | ---- | C] () -- C:\Users\Ben\jagex_cl_runescape_LIVE1.dat
[2012/07/05 19:24:22 | 000,000,024 | ---- | C] () -- C:\Users\Ben\jagexappletviewer.preferences
[2012/07/03 14:02:00 | 000,000,091 | ---- | C] () -- C:\Users\Ben\AppData\Local\fusioncache.dat
[2012/07/03 14:00:51 | 000,777,586 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 18:09:09 | 000,000,047 | ---- | C] () -- C:\Users\Ben\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/28 18:09:09 | 000,000,024 | ---- | C] () -- C:\Users\Ben\random.dat
[2012/06/24 19:04:34 | 000,000,042 | ---- | C] () -- C:\Users\Ben\jagex_cl_runescape_LIVE.dat
[2012/06/23 00:34:07 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/23 00:34:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/22 13:05:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/06/21 19:33:54 | 000,007,602 | ---- | C] () -- C:\Users\Ben\AppData\Local\resmon.resmoncfg
[2012/06/16 00:17:24 | 000,042,432 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/06 01:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/06 01:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/05 13:18:37 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.techniclauncher
[2013/01/19 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.Torrent Stream
[2012/07/01 14:28:13 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Bioshock
[2012/10/25 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\CasinoOnNet
[2012/08/30 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\CorsixTH
[2012/09/22 18:56:51 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\DAEMON Tools Lite
[2012/12/23 19:29:54 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\fltk.org
[2012/09/25 12:02:07 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Hackety Hack
[2012/07/31 12:04:09 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Ideazon
[2013/01/18 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ImgBurn
[2012/07/17 09:34:21 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Leadertech
[2012/06/30 23:26:41 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\LolClient
[2012/06/22 17:26:20 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\LolClient2
[2012/10/04 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\SPORE
[2012/10/28 13:31:38 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\StreamTorrent
[2012/12/03 13:40:58 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\SystemRequirementsLab
[2013/01/19 00:31:36 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Systweak
[2012/08/14 18:43:09 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\TS3Client
[2012/07/22 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ts3overlay
[2012/11/27 20:54:46 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Tunngle
[2013/01/19 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\uTorrent
[2012/10/19 16:15:37 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Wanted - Weapons of Fate
[2012/09/17 23:53:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\X-Chat 2
[2012/12/30 18:45:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\XBMC

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
removed
  • 0

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O20 - AppInit_DLLs: (c:\progra~2\vaudix\sprote~1.dll) - c:\Program Files (x86)\VaudiX\sprotector.dll ()
[2013/01/21 11:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Clean Pro Removal Tool
[2013/01/21 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reg Clean Pro Removal Tool
[2013/01/19 00:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/01/19 00:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2013/01/19 00:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/01/19 00:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2013/01/21 11:50:45 | 000,001,938 | ---- | M] () -- C:\Users\Ben\Desktop\Reg Clean Pro Removal Tool.lnk
[2013/01/20 15:02:12 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/01/19 14:50:21 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/01/21 11:50:45 | 000,001,938 | ---- | C] () -- C:\Users\Ben\Desktop\Reg Clean Pro Removal Tool.lnk
[2013/01/19 00:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/01/19 00:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2013/01/19 00:31:23 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Systweak
[2013/01/19 00:31:22 | 000,019,896 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/01/19 00:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/01/21 11:43:20 | 000,000,366 | -H-- | M] () -- C:\Windows\tasks\VaudiXUpdaterTask{5B681784-2C68-41B0-A3FD-832CC629BDA0}.job

:files
C:\Program Files (x86)\Advanced System Protector
C:\Program Files (x86)\RegClean Pro
C:\ProgramData\Systweak
C:\Windows\SysNative\roboot64.exe
C:\Users\Ben\AppData\Roaming\Systweak
C:\Windows\SysNative\sasnative64.exe

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01212013-some number.log so look there if you don't see it.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Are you still seeing the popups?
  • 0

#4
btaylor89

btaylor89

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Just done the steps here are the two logs

first one

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\vaudix\sprote~1.dll deleted successfully.
File c:\Program Files (x86)\VaudiX\sprotector.dll not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Clean Pro Removal Tool\ not found.
Folder C:\Program Files\Reg Clean Pro Removal Tool\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\ not found.
Folder move failed. C:\Program Files (x86)\Advanced System Protector scheduled to be moved on reboot.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\ not found.
Folder C:\Program Files (x86)\RegClean Pro\ not found.
File C:\Users\Ben\Desktop\Reg Clean Pro Removal Tool.lnk not found.
File C:\Windows\tasks\RegClean Pro_DEFAULT.job not found.
File C:\Windows\tasks\RegClean Pro_UPDATES.job not found.
File C:\Users\Ben\Desktop\Reg Clean Pro Removal Tool.lnk not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\ not found.
Folder move failed. C:\Program Files (x86)\Advanced System Protector scheduled to be moved on reboot.
Folder move failed. C:\Users\Ben\AppData\Roaming\Systweak\RegClean Pro\Version 6.1 scheduled to be moved on reboot.
Folder move failed. C:\Users\Ben\AppData\Roaming\Systweak\RegClean Pro scheduled to be moved on reboot.
Folder move failed. C:\Users\Ben\AppData\Roaming\Systweak scheduled to be moved on reboot.
File C:\Windows\SysNative\roboot64.exe not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\ not found.
File C:\Windows\tasks\VaudiXUpdaterTask{5B681784-2C68-41B0-A3FD-832CC629BDA0}.job not found.
========== FILES ==========
Folder move failed. C:\Program Files (x86)\Advanced System Protector scheduled to be moved on reboot.
File\Folder C:\Program Files (x86)\RegClean Pro not found.
File\Folder C:\ProgramData\Systweak not found.
File\Folder C:\Windows\SysNative\roboot64.exe not found.
Folder move failed. C:\Users\Ben\AppData\Roaming\Systweak\RegClean Pro\Version 6.1 scheduled to be moved on reboot.
Folder move failed. C:\Users\Ben\AppData\Roaming\Systweak\RegClean Pro scheduled to be moved on reboot.
Folder move failed. C:\Users\Ben\AppData\Roaming\Systweak scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\sasnative64.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Ben
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Mcx1-BEN-PC

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Ben
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Mcx1-BEN-PC

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01222013_112505

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files (x86)\Advanced System Protector scheduled to be moved on reboot.
C:\Users\Ben\AppData\Roaming\Systweak\RegClean Pro\Version 6.1 folder moved successfully.
C:\Users\Ben\AppData\Roaming\Systweak\RegClean Pro folder moved successfully.
C:\Users\Ben\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10493 folder moved successfully.
C:\Users\Ben\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
C:\Users\Ben\AppData\Roaming\Systweak folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

second

Error: Unable to interpret <DRIVES> in the current context!
Error: Unable to interpret <nnetsvcs> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\assembly\GAC_32\*.ini> in the current context!
Error: Unable to interpret <%systemroot%\assembly\GAC_64\*.ini> in the current context!
Error: Unable to interpret <msconfig> in the current context!
Error: Unable to interpret <safebootminimal> in the current context!
Error: Unable to interpret <safebootnetwork> in the current context!
Error: Unable to interpret <activex> in the current context!
Error: Unable to interpret <drivers32> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe> in the current context!
Error: Unable to interpret <%APPDATA%\*.> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <rsvpsp.dll> in the current context!
Error: Unable to interpret <pnrpnsp.dll > in the current context!
Error: Unable to interpret <nwprovau.dll> in the current context!
Error: Unable to interpret <nlaapi.dll> in the current context!
Error: Unable to interpret <napinsp.dll> in the current context!
Error: Unable to interpret <mswsock.dll> in the current context!
Error: Unable to interpret <winrnr.dll> in the current context!
Error: Unable to interpret <wshelper.dll> in the current context!
Error: Unable to interpret <services.exe> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <Userinit.exe> in the current context!
Error: Unable to interpret <svchost.exe> in the current context!
Error: Unable to interpret <csrss.exe> in the current context!
Error: Unable to interpret <PrintIsolationHost.exe> in the current context!
Error: Unable to interpret <consrv.dll> in the current context!
Error: Unable to interpret <user32.dll> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <C:\Windows\assembly\tmp\U\*.* /s> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <hklm\software\clients\startmenuinternet|command /rs> in the current context!
Error: Unable to interpret <hklm\software\clients\startmenuinternet|command /64 /rs> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\Tasks\*.job /lockedfiles> in the current context!
Error: Unable to interpret <%ProgramFiles%\WINDOWS NT\*.* /s> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!
Error: Unable to interpret <%systemdrive%\$Recycle.Bin|@;true;true;true /fp > in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 01222013_113014

Didnt see the programs run on reboot, but my reboot was really slow for some reason
  • 0

#5
btaylor89

btaylor89

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Advanced system protector is still running in the processes I have uploaded a pic to show
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
The second OTl scan didn't work. Looks like you might have hit Run Fix instead of Run Scan.

In addition to that let's run some more scans since it's more stubborn than I expected.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complete without complaining?)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.
  • 0

#7
btaylor89

btaylor89

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
all done, everything seems spot on now

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-22 17:06:12
-----------------------------
17:06:12.097 OS Version: Windows x64 6.1.7601 Service Pack 1
17:06:12.097 Number of processors: 6 586 0x102
17:06:12.097 ComputerName: BEN-PC UserName: Ben
17:06:13.712 Initialize success
17:08:37.736 AVAST engine defs: 13012200
17:09:01.379 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
17:09:01.381 Disk 0 Vendor: ST310003 LC15 Size: 953869MB BusType: 3
17:09:01.390 Disk 0 MBR read successfully
17:09:01.392 Disk 0 MBR scan
17:09:01.395 Disk 0 Windows 7 default MBR code
17:09:01.405 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:09:01.415 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
17:09:01.429 Disk 0 scanning C:\Windows\system32\drivers
17:09:12.980 Service scanning
17:09:30.164 Modules scanning
17:09:32.843 AVAST engine scan C:\Windows
17:09:35.767 AVAST engine scan C:\Windows\system32
17:12:55.198 AVAST engine scan C:\Windows\system32\drivers
17:13:07.258 AVAST engine scan C:\Users\Ben
17:26:08.385 AVAST engine scan C:\ProgramData
17:27:47.921 Scan finished successfully
17:33:08.102 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
17:33:08.106 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"

ComboFix 13-01-22.01 - Ben 22/01/2013 17:36:31.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8190.5508 [GMT 0:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Ben\AppData\Local\assembly\tmp
c:\users\Ben\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Game - R3d Logs\2013-01-20_15-49-51_r3dlog.txt
c:\windows\SysWow64\tmpEBAA.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))
.
.
2013-01-22 11:28 . 2013-01-22 11:28 -------- d-----w- c:\users\Ben\AppData\Local\Systweak
2013-01-22 11:28 . 2013-01-22 11:28 -------- d-----w- c:\users\Ben\AppData\Roaming\Systweak
2013-01-22 11:26 . 2013-01-22 11:26 -------- d-----w- c:\programdata\Systweak
2013-01-22 11:23 . 2013-01-22 11:23 -------- d-----w- C:\_OTL
2013-01-22 11:19 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{948BD58C-36AB-437D-A785-D3937C2EAEAE}\mpengine.dll
2013-01-21 11:50 . 2012-12-10 10:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2013-01-21 11:50 . 2012-12-10 10:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2013-01-21 11:50 . 2009-07-23 17:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll
2013-01-21 11:50 . 2009-07-23 17:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2013-01-19 17:54 . 2013-01-19 17:54 -------- d-----w- c:\users\Ben\AppData\Local\Programs
2013-01-19 17:53 . 2013-01-19 17:53 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2013-01-19 17:53 . 2013-01-19 17:53 -------- d-----w- c:\programdata\Malwarebytes
2013-01-19 17:53 . 2013-01-19 17:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-19 17:53 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-19 15:15 . 2013-01-21 19:48 -------- d-----w- c:\users\Ben\AppData\Roaming\.Torrent Stream
2013-01-19 15:15 . 2013-01-19 15:16 -------- d-----w- c:\users\Ben\AppData\Roaming\TorrentStream
2013-01-13 18:58 . 2013-01-22 17:42 -------- d-----w- c:\users\Ben\AppData\Local\Purplizer
2013-01-09 08:47 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-07 19:05 . 2013-01-07 19:05 -------- d-----w- c:\program files (x86)\Common Files\Overwolf
2012-12-23 19:29 . 2012-12-23 19:29 -------- d-----w- c:\users\Ben\AppData\Roaming\fltk.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:56 . 2012-12-08 11:52 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-21 00:18 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 00:18 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:18 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 08:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-11 23:53 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-11 23:53 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-11 23:53 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-11 23:53 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-11 23:53 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-11 23:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-11 23:53 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-11 23:53 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-11 23:53 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-11 23:53 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-11 23:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-11 23:53 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-11 23:53 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-11 23:53 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-11 23:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-11 23:53 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-11 23:53 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-11 23:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-11 23:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-11 23:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-11 23:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-11 23:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-11 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-11 22:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-11 22:16 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-11 22:16 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-28 15:56 . 2012-10-28 15:56 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-28 15:56 . 2012-10-28 15:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-28 15:56 . 2012-10-28 15:56 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-06-21 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-06-21 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{504B410B-2B08-98AE-E2D8-55FEFDF8D59D}]
2012-11-11 20:55 129024 ----a-w- c:\programdata\Vaudix\50a010bf072b3.ocx
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2013-01-02 35256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-08-09 316840]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-12-31 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2013-01-02 18360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 rzdaendpt;%rzdaendpt.SvcDesc%;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-07-31 26112]
R3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2012-07-31 21504]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-07-31 105984]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-07-31 22528]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-10-01 1307648]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-21 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-22 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3881410413-1527467530-2302416625-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 14:29]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3881410413-1527467530-2302416625-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 14:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-09 8151040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-RegClean Pro_is1 - c:\program files (x86)\RegClean Pro\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\UAService7.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Overwolf\Purplizer\Purplizer.exe
.
**************************************************************************
.
Completion time: 2013-01-22 17:48:37 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-22 17:48
.
Pre-Run: 320,364,122,112 bytes free
Post-Run: 324,278,124,544 bytes free
.
- - End Of File - - F9DEDF8860064C943C9B1180796BCB9D




17:50:17.0976 5000 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:50:18.0071 5000 ============================================================
17:50:18.0071 5000 Current date / time: 2013/01/22 17:50:18.0071
17:50:18.0071 5000 SystemInfo:
17:50:18.0071 5000
17:50:18.0071 5000 OS Version: 6.1.7601 ServicePack: 1.0
17:50:18.0071 5000 Product type: Workstation
17:50:18.0071 5000 ComputerName: BEN-PC
17:50:18.0072 5000 UserName: Ben
17:50:18.0072 5000 Windows directory: C:\Windows
17:50:18.0072 5000 System windows directory: C:\Windows
17:50:18.0072 5000 Running under WOW64
17:50:18.0072 5000 Processor architecture: Intel x64
17:50:18.0072 5000 Number of processors: 6
17:50:18.0072 5000 Page size: 0x1000
17:50:18.0072 5000 Boot type: Normal boot
17:50:18.0072 5000 ============================================================
17:50:20.0065 5000 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:50:20.0070 5000 ============================================================
17:50:20.0070 5000 \Device\Harddisk0\DR0:
17:50:20.0070 5000 MBR partitions:
17:50:20.0070 5000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:50:20.0070 5000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
17:50:20.0070 5000 ============================================================
17:50:20.0113 5000 C: <-> \Device\Harddisk0\DR0\Partition2
17:50:20.0113 5000 ============================================================
17:50:20.0113 5000 Initialize success
17:50:20.0113 5000 ============================================================
17:50:31.0030 4300 ============================================================
17:50:31.0031 4300 Scan started
17:50:31.0031 4300 Mode: Manual;
17:50:31.0031 4300 ============================================================
17:50:31.0883 4300 ================ Scan system memory ========================
17:50:31.0884 4300 System memory - ok
17:50:31.0884 4300 ================ Scan services =============================
17:50:32.0366 4300 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:50:32.0375 4300 1394ohci - ok
17:50:32.0408 4300 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:50:32.0415 4300 ACPI - ok
17:50:32.0434 4300 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:50:32.0436 4300 AcpiPmi - ok
17:50:32.0569 4300 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:50:32.0570 4300 AdobeARMservice - ok
17:50:32.0612 4300 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:50:32.0622 4300 adp94xx - ok
17:50:32.0665 4300 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:50:32.0682 4300 adpahci - ok
17:50:32.0699 4300 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:50:32.0705 4300 adpu320 - ok
17:50:32.0730 4300 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:50:32.0733 4300 AeLookupSvc - ok
17:50:32.0771 4300 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:50:32.0788 4300 AFD - ok
17:50:32.0807 4300 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:50:32.0810 4300 agp440 - ok
17:50:32.0824 4300 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:50:32.0827 4300 ALG - ok
17:50:32.0842 4300 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:50:32.0844 4300 aliide - ok
17:50:32.0907 4300 [ B3E801135E0C81733542C14D9AA8120A ] Alpham1 C:\Windows\system32\DRIVERS\Alpham164.sys
17:50:32.0912 4300 Alpham1 - ok
17:50:32.0966 4300 [ 6493983FEDBC49D9112703ECE9B251FE ] Alpham2 C:\Windows\system32\DRIVERS\Alpham264.sys
17:50:32.0968 4300 Alpham2 - ok
17:50:33.0004 4300 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:50:33.0009 4300 AMD External Events Utility - ok
17:50:33.0060 4300 AMD FUEL Service - ok
17:50:33.0081 4300 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:50:33.0083 4300 amdide - ok
17:50:33.0126 4300 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
17:50:33.0136 4300 amdiox64 - ok
17:50:33.0164 4300 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:50:33.0167 4300 AmdK8 - ok
17:50:33.0633 4300 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:50:33.0818 4300 amdkmdag - ok
17:50:33.0862 4300 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:50:33.0864 4300 amdkmdap - ok
17:50:33.0874 4300 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:50:33.0875 4300 AmdPPM - ok
17:50:33.0899 4300 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:50:33.0902 4300 amdsata - ok
17:50:33.0923 4300 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:50:33.0926 4300 amdsbs - ok
17:50:33.0939 4300 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:50:33.0939 4300 amdxata - ok
17:50:33.0949 4300 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:50:33.0949 4300 AODDriver4.2 - ok
17:50:33.0975 4300 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:50:33.0977 4300 AppID - ok
17:50:33.0994 4300 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:50:33.0996 4300 AppIDSvc - ok
17:50:34.0005 4300 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:50:34.0007 4300 Appinfo - ok
17:50:34.0042 4300 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:50:34.0043 4300 Apple Mobile Device - ok
17:50:34.0082 4300 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:50:34.0087 4300 AppMgmt - ok
17:50:34.0102 4300 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:50:34.0105 4300 arc - ok
17:50:34.0117 4300 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:50:34.0120 4300 arcsas - ok
17:50:34.0225 4300 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:50:34.0228 4300 aspnet_state - ok
17:50:34.0247 4300 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:50:34.0247 4300 AsyncMac - ok
17:50:34.0260 4300 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:50:34.0260 4300 atapi - ok
17:50:34.0316 4300 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:50:34.0317 4300 AtiHDAudioService - ok
17:50:34.0355 4300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:50:34.0372 4300 AudioEndpointBuilder - ok
17:50:34.0395 4300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:50:34.0401 4300 AudioSrv - ok
17:50:34.0445 4300 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:50:34.0449 4300 AxInstSV - ok
17:50:34.0474 4300 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:50:34.0491 4300 b06bdrv - ok
17:50:34.0503 4300 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:50:34.0509 4300 b57nd60a - ok
17:50:34.0530 4300 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:50:34.0535 4300 BDESVC - ok
17:50:34.0548 4300 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:50:34.0550 4300 Beep - ok
17:50:34.0578 4300 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:50:34.0595 4300 BFE - ok
17:50:34.0624 4300 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:50:34.0631 4300 BITS - ok
17:50:34.0643 4300 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:50:34.0645 4300 blbdrive - ok
17:50:34.0674 4300 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:50:34.0680 4300 Bonjour Service - ok
17:50:34.0697 4300 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:50:34.0700 4300 bowser - ok
17:50:34.0704 4300 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:50:34.0705 4300 BrFiltLo - ok
17:50:34.0716 4300 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:50:34.0718 4300 BrFiltUp - ok
17:50:34.0751 4300 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:50:34.0754 4300 BridgeMP - ok
17:50:34.0805 4300 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:50:34.0808 4300 Browser - ok
17:50:34.0828 4300 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:50:34.0845 4300 Brserid - ok
17:50:34.0863 4300 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:50:34.0895 4300 BrSerWdm - ok
17:50:34.0914 4300 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:50:34.0919 4300 BrUsbMdm - ok
17:50:34.0925 4300 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:50:34.0927 4300 BrUsbSer - ok
17:50:34.0947 4300 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:50:34.0950 4300 BTHMODEM - ok
17:50:34.0978 4300 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:50:34.0981 4300 bthserv - ok
17:50:34.0986 4300 catchme - ok
17:50:35.0010 4300 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:50:35.0012 4300 cdfs - ok
17:50:35.0027 4300 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:50:35.0030 4300 cdrom - ok
17:50:35.0050 4300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:50:35.0052 4300 CertPropSvc - ok
17:50:35.0062 4300 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
17:50:35.0064 4300 circlass - ok
17:50:35.0085 4300 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:50:35.0091 4300 CLFS - ok
17:50:35.0143 4300 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:50:35.0153 4300 clr_optimization_v2.0.50727_32 - ok
17:50:35.0177 4300 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:50:35.0180 4300 clr_optimization_v2.0.50727_64 - ok
17:50:35.0277 4300 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:50:35.0279 4300 clr_optimization_v4.0.30319_32 - ok
17:50:35.0304 4300 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:50:35.0306 4300 clr_optimization_v4.0.30319_64 - ok
17:50:35.0330 4300 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:50:35.0331 4300 CmBatt - ok
17:50:35.0346 4300 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:50:35.0347 4300 cmdide - ok
17:50:35.0393 4300 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:50:35.0405 4300 CNG - ok
17:50:35.0425 4300 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:50:35.0427 4300 Compbatt - ok
17:50:35.0445 4300 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:50:35.0447 4300 CompositeBus - ok
17:50:35.0454 4300 COMSysApp - ok
17:50:35.0504 4300 [ 75DBD5DB9892D7451D0429BEC1AABE1A ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
17:50:35.0505 4300 cpuz135 - ok
17:50:35.0512 4300 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:50:35.0514 4300 crcdisk - ok
17:50:35.0555 4300 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:50:35.0558 4300 CryptSvc - ok
17:50:35.0588 4300 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:50:35.0605 4300 CSC - ok
17:50:35.0638 4300 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:50:35.0656 4300 CscService - ok
17:50:35.0693 4300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:50:35.0702 4300 DcomLaunch - ok
17:50:35.0717 4300 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:50:35.0724 4300 defragsvc - ok
17:50:35.0739 4300 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:50:35.0742 4300 DfsC - ok
17:50:35.0763 4300 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:50:35.0780 4300 Dhcp - ok
17:50:35.0793 4300 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:50:35.0794 4300 discache - ok
17:50:35.0815 4300 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
17:50:35.0817 4300 Disk - ok
17:50:35.0844 4300 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
17:50:35.0847 4300 dmvsc - ok
17:50:35.0877 4300 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:50:35.0882 4300 Dnscache - ok
17:50:35.0896 4300 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:50:35.0903 4300 dot3svc - ok
17:50:35.0919 4300 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:50:35.0922 4300 DPS - ok
17:50:35.0955 4300 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:50:35.0957 4300 drmkaud - ok
17:50:36.0020 4300 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:50:36.0023 4300 dtsoftbus01 - ok
17:50:36.0050 4300 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:50:36.0057 4300 DXGKrnl - ok
17:50:36.0072 4300 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:50:36.0076 4300 EapHost - ok
17:50:36.0152 4300 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:50:36.0279 4300 ebdrv - ok
17:50:36.0308 4300 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:50:36.0310 4300 EFS - ok
17:50:36.0346 4300 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:50:36.0372 4300 ehRecvr - ok
17:50:36.0389 4300 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:50:36.0393 4300 ehSched - ok
17:50:36.0420 4300 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:50:36.0437 4300 elxstor - ok
17:50:36.0453 4300 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:50:36.0455 4300 ErrDev - ok
17:50:36.0488 4300 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:50:36.0494 4300 EventSystem - ok
17:50:36.0526 4300 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:50:36.0533 4300 exfat - ok
17:50:36.0541 4300 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:50:36.0545 4300 fastfat - ok
17:50:36.0570 4300 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:50:36.0587 4300 Fax - ok
17:50:36.0605 4300 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
17:50:36.0607 4300 fdc - ok
17:50:36.0612 4300 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:50:36.0614 4300 fdPHost - ok
17:50:36.0632 4300 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:50:36.0634 4300 FDResPub - ok
17:50:36.0649 4300 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:50:36.0651 4300 FileInfo - ok
17:50:36.0665 4300 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:50:36.0667 4300 Filetrace - ok
17:50:36.0672 4300 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:50:36.0673 4300 flpydisk - ok
17:50:36.0688 4300 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:50:36.0693 4300 FltMgr - ok
17:50:36.0795 4300 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:50:36.0826 4300 FontCache - ok
17:50:36.0870 4300 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:50:36.0879 4300 FontCache3.0.0.0 - ok
17:50:36.0891 4300 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:50:36.0893 4300 FsDepends - ok
17:50:36.0943 4300 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:50:36.0944 4300 Fs_Rec - ok
17:50:36.0967 4300 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:50:36.0971 4300 fvevol - ok
17:50:36.0986 4300 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:50:36.0989 4300 gagp30kx - ok
17:50:37.0007 4300 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:50:37.0008 4300 GEARAspiWDM - ok
17:50:37.0030 4300 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:50:37.0047 4300 gpsvc - ok
17:50:37.0053 4300 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:50:37.0054 4300 hcw85cir - ok
17:50:37.0092 4300 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:50:37.0099 4300 HdAudAddService - ok
17:50:37.0114 4300 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:50:37.0117 4300 HDAudBus - ok
17:50:37.0135 4300 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:50:37.0137 4300 HidBatt - ok
17:50:37.0153 4300 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:50:37.0155 4300 HidBth - ok
17:50:37.0161 4300 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:50:37.0163 4300 HidIr - ok
17:50:37.0179 4300 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:50:37.0182 4300 hidserv - ok
17:50:37.0193 4300 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:50:37.0195 4300 HidUsb - ok
17:50:37.0214 4300 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:50:37.0218 4300 hkmsvc - ok
17:50:37.0235 4300 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:50:37.0241 4300 HomeGroupListener - ok
17:50:37.0264 4300 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:50:37.0270 4300 HomeGroupProvider - ok
17:50:37.0286 4300 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:50:37.0289 4300 HpSAMD - ok
17:50:37.0317 4300 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:50:37.0343 4300 HTTP - ok
17:50:37.0355 4300 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:50:37.0355 4300 hwpolicy - ok
17:50:37.0381 4300 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:50:37.0384 4300 i8042prt - ok
17:50:37.0412 4300 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:50:37.0429 4300 iaStorV - ok
17:50:37.0491 4300 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:50:37.0517 4300 idsvc - ok
17:50:37.0535 4300 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:50:37.0538 4300 iirsp - ok
17:50:37.0671 4300 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:50:37.0705 4300 IKEEXT - ok
17:50:37.0715 4300 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:50:37.0717 4300 intelide - ok
17:50:37.0743 4300 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
17:50:37.0746 4300 intelppm - ok
17:50:37.0771 4300 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:50:37.0775 4300 IPBusEnum - ok
17:50:37.0789 4300 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:50:37.0792 4300 IpFilterDriver - ok
17:50:37.0856 4300 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:50:37.0873 4300 iphlpsvc - ok
17:50:37.0889 4300 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:50:37.0892 4300 IPMIDRV - ok
17:50:37.0909 4300 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:50:37.0913 4300 IPNAT - ok
17:50:37.0964 4300 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:50:37.0990 4300 iPod Service - ok
17:50:38.0016 4300 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:50:38.0019 4300 IRENUM - ok
17:50:38.0037 4300 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:50:38.0039 4300 isapnp - ok
17:50:38.0061 4300 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:50:38.0067 4300 iScsiPrt - ok
17:50:38.0084 4300 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:50:38.0085 4300 kbdclass - ok
17:50:38.0102 4300 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:50:38.0103 4300 kbdhid - ok
17:50:38.0116 4300 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:50:38.0118 4300 KeyIso - ok
17:50:38.0166 4300 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:50:38.0185 4300 KSecDD - ok
17:50:38.0217 4300 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:50:38.0220 4300 KSecPkg - ok
17:50:38.0230 4300 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:50:38.0232 4300 ksthunk - ok
17:50:38.0254 4300 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:50:38.0272 4300 KtmRm - ok
17:50:38.0311 4300 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:50:38.0317 4300 LanmanServer - ok
17:50:38.0328 4300 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:50:38.0334 4300 LanmanWorkstation - ok
17:50:38.0350 4300 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:50:38.0352 4300 lltdio - ok
17:50:38.0371 4300 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:50:38.0378 4300 lltdsvc - ok
17:50:38.0400 4300 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:50:38.0403 4300 lmhosts - ok
17:50:38.0428 4300 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:50:38.0431 4300 LSI_FC - ok
17:50:38.0447 4300 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:50:38.0450 4300 LSI_SAS - ok
17:50:38.0462 4300 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:50:38.0464 4300 LSI_SAS2 - ok
17:50:38.0473 4300 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:50:38.0475 4300 LSI_SCSI - ok
17:50:38.0494 4300 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:50:38.0496 4300 luafv - ok
17:50:38.0538 4300 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:50:38.0539 4300 MBAMProtector - ok
17:50:38.0663 4300 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:50:38.0692 4300 MBAMScheduler - ok
17:50:38.0752 4300 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:50:38.0775 4300 MBAMService - ok
17:50:38.0793 4300 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:50:38.0797 4300 Mcx2Svc - ok
17:50:38.0809 4300 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:50:38.0811 4300 megasas - ok
17:50:38.0827 4300 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:50:38.0834 4300 MegaSR - ok
17:50:38.0847 4300 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:50:38.0851 4300 MMCSS - ok
17:50:38.0870 4300 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:50:38.0903 4300 Modem - ok
17:50:38.0928 4300 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:50:38.0928 4300 monitor - ok
17:50:38.0940 4300 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:50:38.0941 4300 mouclass - ok
17:50:38.0956 4300 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:50:38.0958 4300 mouhid - ok
17:50:38.0969 4300 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:50:38.0972 4300 mountmgr - ok
17:50:38.0979 4300 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:50:38.0982 4300 mpio - ok
17:50:38.0992 4300 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:50:38.0995 4300 mpsdrv - ok
17:50:39.0016 4300 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:50:39.0042 4300 MpsSvc - ok
17:50:39.0061 4300 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:50:39.0064 4300 MRxDAV - ok
17:50:39.0094 4300 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:50:39.0098 4300 mrxsmb - ok
17:50:39.0118 4300 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:50:39.0123 4300 mrxsmb10 - ok
17:50:39.0138 4300 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:50:39.0142 4300 mrxsmb20 - ok
17:50:39.0161 4300 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:50:39.0163 4300 msahci - ok
17:50:39.0170 4300 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:50:39.0173 4300 msdsm - ok
17:50:39.0191 4300 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:50:39.0196 4300 MSDTC - ok
17:50:39.0223 4300 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:50:39.0225 4300 Msfs - ok
17:50:39.0239 4300 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:50:39.0249 4300 mshidkmdf - ok
17:50:39.0266 4300 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:50:39.0266 4300 msisadrv - ok
17:50:39.0285 4300 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:50:39.0290 4300 MSiSCSI - ok
17:50:39.0295 4300 msiserver - ok
17:50:39.0315 4300 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:50:39.0317 4300 MSKSSRV - ok
17:50:39.0332 4300 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:50:39.0333 4300 MSPCLOCK - ok
17:50:39.0338 4300 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:50:39.0339 4300 MSPQM - ok
17:50:39.0358 4300 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:50:39.0364 4300 MsRPC - ok
17:50:39.0395 4300 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:50:39.0395 4300 mssmbios - ok
17:50:39.0401 4300 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:50:39.0402 4300 MSTEE - ok
17:50:39.0418 4300 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:50:39.0420 4300 MTConfig - ok
17:50:39.0430 4300 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:50:39.0431 4300 Mup - ok
17:50:39.0447 4300 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:50:39.0473 4300 napagent - ok
17:50:39.0500 4300 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:50:39.0506 4300 NativeWifiP - ok
17:50:39.0780 4300 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:50:39.0792 4300 NDIS - ok
17:50:39.0812 4300 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:50:39.0862 4300 NdisCap - ok
17:50:39.0896 4300 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:50:39.0930 4300 NdisTapi - ok
17:50:39.0963 4300 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:50:39.0966 4300 Ndisuio - ok
17:50:39.0984 4300 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:50:39.0989 4300 NdisWan - ok
17:50:40.0000 4300 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:50:40.0003 4300 NDProxy - ok
17:50:40.0055 4300 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
17:50:40.0061 4300 Netaapl - ok
17:50:40.0077 4300 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:50:40.0079 4300 NetBIOS - ok
17:50:40.0098 4300 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:50:40.0103 4300 NetBT - ok
17:50:40.0115 4300 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:50:40.0117 4300 Netlogon - ok
17:50:40.0140 4300 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:50:40.0147 4300 Netman - ok
17:50:40.0206 4300 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:50:40.0210 4300 NetMsmqActivator - ok
17:50:40.0217 4300 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:50:40.0219 4300 NetPipeActivator - ok
17:50:40.0245 4300 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:50:40.0262 4300 netprofm - ok
17:50:40.0270 4300 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:50:40.0272 4300 NetTcpActivator - ok
17:50:40.0279 4300 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:50:40.0281 4300 NetTcpPortSharing - ok
17:50:40.0304 4300 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:50:40.0306 4300 nfrd960 - ok
17:50:40.0334 4300 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:50:40.0343 4300 NlaSvc - ok
17:50:40.0356 4300 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:50:40.0359 4300 Npfs - ok
17:50:40.0368 4300 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:50:40.0372 4300 nsi - ok
17:50:40.0379 4300 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:50:40.0380 4300 nsiproxy - ok
17:50:40.0530 4300 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:50:40.0545 4300 Ntfs - ok
17:50:40.0570 4300 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:50:40.0571 4300 Null - ok
17:50:40.0603 4300 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
17:50:40.0610 4300 NVENETFD - ok
17:50:40.0629 4300 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:50:40.0633 4300 nvraid - ok
17:50:40.0653 4300 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:50:40.0655 4300 nvstor - ok
17:50:40.0670 4300 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:50:40.0673 4300 nv_agp - ok
17:50:40.0690 4300 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:50:40.0693 4300 ohci1394 - ok
17:50:40.0835 4300 [ 23E03977052162A348ADD43621C2CAB4 ] OverwolfUpdaterService C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
17:50:40.0847 4300 OverwolfUpdaterService - ok
17:50:40.0875 4300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:50:40.0903 4300 p2pimsvc - ok
17:50:40.0955 4300 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:50:40.0972 4300 p2psvc - ok
17:50:41.0018 4300 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:50:41.0023 4300 Parport - ok
17:50:41.0040 4300 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:50:41.0044 4300 partmgr - ok
17:50:41.0086 4300 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:50:41.0089 4300 PcaSvc - ok
17:50:41.0103 4300 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:50:41.0105 4300 pci - ok
17:50:41.0114 4300 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:50:41.0115 4300 pciide - ok
17:50:41.0134 4300 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:50:41.0137 4300 pcmcia - ok
17:50:41.0150 4300 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:50:41.0150 4300 pcw - ok
17:50:41.0168 4300 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:50:41.0199 4300 PEAUTH - ok
17:50:41.0239 4300 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:50:41.0273 4300 PeerDistSvc - ok
17:50:41.0330 4300 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:50:41.0333 4300 PerfHost - ok
17:50:41.0374 4300 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:50:41.0409 4300 pla - ok
17:50:41.0436 4300 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:50:41.0445 4300 PlugPlay - ok
17:50:41.0453 4300 PnkBstrA - ok
17:50:41.0464 4300 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:50:41.0467 4300 PNRPAutoReg - ok
17:50:41.0486 4300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:50:41.0491 4300 PNRPsvc - ok
17:50:41.0518 4300 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:50:41.0527 4300 PolicyAgent - ok
17:50:41.0552 4300 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:50:41.0558 4300 Power - ok
17:50:41.0579 4300 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:50:41.0581 4300 PptpMiniport - ok
17:50:41.0597 4300 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:50:41.0599 4300 Processor - ok
17:50:41.0637 4300 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:50:41.0663 4300 ProfSvc - ok
17:50:41.0680 4300 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:50:41.0682 4300 ProtectedStorage - ok
17:50:41.0696 4300 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:50:41.0699 4300 Psched - ok
17:50:41.0737 4300 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:50:41.0780 4300 ql2300 - ok
17:50:41.0788 4300 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:50:41.0791 4300 ql40xx - ok
17:50:41.0810 4300 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:50:41.0815 4300 QWAVE - ok
17:50:41.0822 4300 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:50:41.0823 4300 QWAVEdrv - ok
17:50:41.0834 4300 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:50:41.0836 4300 RasAcd - ok
17:50:41.0862 4300 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:50:41.0864 4300 RasAgileVpn - ok
17:50:41.0878 4300 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:50:41.0882 4300 RasAuto - ok
17:50:41.0899 4300 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:50:41.0903 4300 Rasl2tp - ok
17:50:41.0918 4300 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:50:41.0925 4300 RasMan - ok
17:50:41.0939 4300 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:50:41.0941 4300 RasPppoe - ok
17:50:41.0949 4300 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:50:41.0951 4300 RasSstp - ok
17:50:41.0966 4300 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:50:41.0970 4300 rdbss - ok
17:50:41.0979 4300 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:50:41.0980 4300 rdpbus - ok
17:50:41.0986 4300 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:50:41.0987 4300 RDPCDD - ok
17:50:42.0009 4300 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:50:42.0012 4300 RDPDR - ok
17:50:42.0024 4300 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:50:42.0024 4300 RDPENCDD - ok
17:50:42.0028 4300 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:50:42.0029 4300 RDPREFMP - ok
17:50:42.0062 4300 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:50:42.0064 4300 RdpVideoMiniport - ok
17:50:42.0081 4300 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:50:42.0084 4300 RDPWD - ok
17:50:42.0092 4300 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:50:42.0095 4300 rdyboost - ok
17:50:42.0099 4300 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:50:42.0101 4300 RemoteAccess - ok
17:50:42.0106 4300 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:50:42.0107 4300 RemoteRegistry - ok
17:50:42.0139 4300 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:50:42.0142 4300 RpcEptMapper - ok
17:50:42.0161 4300 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:50:42.0165 4300 RpcLocator - ok
17:50:42.0187 4300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
17:50:42.0192 4300 RpcSs - ok
17:50:42.0200 4300 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:50:42.0202 4300 rspndr - ok
17:50:42.0235 4300 [ A2DD7CBB1F86F4540DDDE7352CA36666 ] rzdaendpt C:\Windows\system32\DRIVERS\rzdaendpt.sys
17:50:42.0237 4300 rzdaendpt - ok
17:50:42.0269 4300 [ EB37B46FDCAF4128038FCE58CB63C22D ] rzendpt C:\Windows\system32\DRIVERS\rzendpt.sys
17:50:42.0272 4300 rzendpt - ok
17:50:42.0317 4300 [ C5E1A5C17FA2CC83C2BB2167B0895100 ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys
17:50:42.0321 4300 rzudd - ok
17:50:42.0336 4300 [ D3EEBB51A9E16B27CA79D06F6BC678D5 ] rzvkeyboard C:\Windows\system32\DRIVERS\rzvkeyboard.sys
17:50:42.0339 4300 rzvkeyboard - ok
17:50:42.0353 4300 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:50:42.0355 4300 s3cap - ok
17:50:42.0372 4300 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:50:42.0373 4300 SamSs - ok
17:50:42.0393 4300 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:50:42.0396 4300 sbp2port - ok
17:50:42.0417 4300 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:50:42.0423 4300 SCardSvr - ok
17:50:42.0460 4300 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
17:50:42.0461 4300 SCDEmu - ok
17:50:42.0475 4300 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:50:42.0486 4300 scfilter - ok
17:50:42.0518 4300 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:50:42.0530 4300 Schedule - ok
17:50:42.0580 4300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:50:42.0581 4300 SCPolicySvc - ok
17:50:42.0638 4300 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:50:42.0651 4300 SDRSVC - ok
17:50:42.0663 4300 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:50:42.0664 4300 secdrv - ok
17:50:42.0676 4300 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:50:42.0680 4300 seclogon - ok
17:50:42.0690 4300 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:50:42.0693 4300 SENS - ok
17:50:42.0698 4300 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:50:42.0700 4300 SensrSvc - ok
17:50:42.0713 4300 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:50:42.0714 4300 Serenum - ok
17:50:42.0730 4300 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:50:42.0732 4300 Serial - ok
17:50:42.0747 4300 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:50:42.0749 4300 sermouse - ok
17:50:42.0765 4300 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:50:42.0769 4300 SessionEnv - ok
17:50:42.0781 4300 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:50:42.0783 4300 sffdisk - ok
17:50:42.0787 4300 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:50:42.0788 4300 sffp_mmc - ok
17:50:42.0796 4300 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:50:42.0797 4300 sffp_sd - ok
17:50:42.0812 4300 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:50:42.0813 4300 sfloppy - ok
17:50:42.0841 4300 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:50:42.0847 4300 SharedAccess - ok
17:50:42.0867 4300 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:50:42.0871 4300 ShellHWDetection - ok
17:50:42.0896 4300 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:50:42.0899 4300 SiSRaid2 - ok
17:50:42.0913 4300 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:50:42.0916 4300 SiSRaid4 - ok
17:50:42.0971 4300 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:50:42.0975 4300 SkypeUpdate - ok
17:50:42.0991 4300 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:50:42.0993 4300 Smb - ok
17:50:43.0008 4300 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:50:43.0011 4300 SNMPTRAP - ok
17:50:43.0022 4300 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:50:43.0022 4300 spldr - ok
17:50:43.0131 4300 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:50:43.0141 4300 Spooler - ok
17:50:43.0268 4300 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:50:43.0329 4300 sppsvc - ok
17:50:43.0339 4300 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:50:43.0342 4300 sppuinotify - ok
17:50:43.0411 4300 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
17:50:43.0427 4300 sptd - ok
17:50:43.0455 4300 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:50:43.0481 4300 srv - ok
17:50:43.0507 4300 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:50:43.0515 4300 srv2 - ok
17:50:43.0536 4300 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:50:43.0541 4300 srvnet - ok
17:50:43.0568 4300 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:50:43.0574 4300 SSDPSRV - ok
17:50:43.0592 4300 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:50:43.0597 4300 SstpSvc - ok
17:50:43.0644 4300 Steam Client Service - ok
17:50:43.0661 4300 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:50:43.0664 4300 stexstor - ok
17:50:43.0694 4300 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:50:43.0720 4300 stisvc - ok
17:50:43.0741 4300 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:50:43.0742 4300 storflt - ok
17:50:43.0762 4300 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:50:43.0765 4300 storvsc - ok
17:50:43.0782 4300 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:50:43.0783 4300 swenum - ok
17:50:43.0988 4300 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:50:43.0995 4300 SwitchBoard - ok
17:50:44.0093 4300 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:50:44.0119 4300 swprv - ok
17:50:44.0148 4300 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
17:50:44.0151 4300 Synth3dVsc - ok
17:50:44.0201 4300 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:50:44.0245 4300 SysMain - ok
17:50:44.0263 4300 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:50:44.0268 4300 TabletInputService - ok
17:50:44.0326 4300 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
17:50:44.0328 4300 tap0901t - ok
17:50:44.0346 4300 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:50:44.0353 4300 TapiSrv - ok
17:50:44.0367 4300 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:50:44.0371 4300 TBS - ok
17:50:44.0500 4300 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:50:44.0521 4300 Tcpip - ok
17:50:44.0567 4300 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:50:44.0576 4300 TCPIP6 - ok
17:50:44.0620 4300 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:50:44.0622 4300 tcpipreg - ok
17:50:44.0637 4300 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:50:44.0639 4300 TDPIPE - ok
17:50:44.0657 4300 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:50:44.0659 4300 TDTCP - ok
17:50:44.0678 4300 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:50:44.0680 4300 tdx - ok
17:50:44.0688 4300 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:50:44.0689 4300 TermDD - ok
17:50:44.0710 4300 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
17:50:44.0727 4300 terminpt - ok
17:50:44.0758 4300 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:50:44.0769 4300 TermService - ok
17:50:44.0785 4300 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:50:44.0793 4300 Themes - ok
17:50:44.0802 4300 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:50:44.0804 4300 THREADORDER - ok
17:50:44.0812 4300 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:50:44.0815 4300 TrkWks - ok
17:50:44.0863 4300 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:50:44.0865 4300 TrustedInstaller - ok
17:50:44.0882 4300 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:50:44.0883 4300 tssecsrv - ok
17:50:44.0914 4300 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:50:44.0917 4300 TsUsbFlt - ok
17:50:44.0934 4300 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:50:44.0937 4300 TsUsbGD - ok
17:50:44.0955 4300 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
17:50:44.0958 4300 tsusbhub - ok
17:50:44.0980 4300 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:50:44.0983 4300 tunnel - ok
17:50:45.0077 4300 [ 2FD0FE0A0C721C8E47C5A3AE16E519B1 ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
17:50:45.0095 4300 TunngleService - ok
17:50:45.0122 4300 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:50:45.0125 4300 uagp35 - ok
17:50:45.0142 4300 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:50:45.0149 4300 udfs - ok
17:50:45.0164 4300 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:50:45.0168 4300 UI0Detect - ok
17:50:45.0184 4300 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:50:45.0186 4300 uliagpkx - ok
17:50:45.0212 4300 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:50:45.0214 4300 umbus - ok
17:50:45.0238 4300 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:50:45.0240 4300 UmPass - ok
17:50:45.0265 4300 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
17:50:45.0282 4300 UmRdpService - ok
17:50:45.0303 4300 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:50:45.0320 4300 upnphost - ok
17:50:45.0359 4300 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:50:45.0361 4300 USBAAPL64 - ok
17:50:45.0435 4300 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:50:45.0446 4300 usbaudio - ok
17:50:45.0470 4300 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:50:45.0473 4300 usbccgp - ok
17:50:45.0493 4300 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:50:45.0496 4300 usbcir - ok
17:50:45.0512 4300 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:50:45.0514 4300 usbehci - ok
17:50:45.0534 4300 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:50:45.0541 4300 usbhub - ok
17:50:45.0612 4300 [ F9B3054339A71F16430F6585EBC8BE96 ] USBMULCD C:\Windows\system32\drivers\CM10664.sys
17:50:45.0647 4300 USBMULCD - ok
17:50:45.0671 4300 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:50:45.0672 4300 usbohci - ok
17:50:45.0688 4300 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:50:45.0690 4300 usbprint - ok
17:50:45.0704 4300 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:50:45.0707 4300 USBSTOR - ok
17:50:45.0722 4300 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:50:45.0724 4300 usbuhci - ok
17:50:45.0749 4300 UserAccess7 - ok
17:50:45.0765 4300 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:50:45.0771 4300 UxSms - ok
17:50:45.0786 4300 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:50:45.0789 4300 VaultSvc - ok
17:50:45.0801 4300 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:50:45.0803 4300 vdrvroot - ok
17:50:45.0823 4300 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:50:45.0843 4300 vds - ok
17:50:45.0858 4300 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:50:45.0860 4300 vga - ok
17:50:45.0868 4300 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:50:45.0869 4300 VgaSave - ok
17:50:45.0873 4300 VGPU - ok
17:50:45.0880 4300 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:50:45.0884 4300 vhdmp - ok
17:50:45.0896 4300 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:50:45.0898 4300 viaide - ok
17:50:45.0919 4300 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:50:45.0923 4300 vmbus - ok
17:50:45.0949 4300 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:50:45.0950 4300 VMBusHID - ok
17:50:45.0962 4300 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:50:45.0965 4300 volmgr - ok
17:50:45.0988 4300 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:50:45.0994 4300 volmgrx - ok
17:50:46.0005 4300 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:50:46.0009 4300 volsnap - ok
17:50:46.0035 4300 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:50:46.0038 4300 vsmraid - ok
17:50:46.0082 4300 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:50:46.0117 4300 VSS - ok
17:50:46.0131 4300 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:50:46.0133 4300 vwifibus - ok
17:50:46.0147 4300 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:50:46.0154 4300 W32Time - ok
17:50:46.0172 4300 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:50:46.0174 4300 WacomPen - ok
17:50:46.0195 4300 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:50:46.0197 4300 WANARP - ok
17:50:46.0201 4300 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:50:46.0202 4300 Wanarpv6 - ok
17:50:46.0253 4300 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:50:46.0279 4300 WatAdminSvc - ok
17:50:46.0317 4300 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:50:46.0352 4300 wbengine - ok
17:50:46.0371 4300 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:50:46.0395 4300 WbioSrvc - ok
17:50:46.0415 4300 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:50:46.0422 4300 wcncsvc - ok
17:50:46.0431 4300 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:50:46.0434 4300 WcsPlugInService - ok
17:50:46.0450 4300 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:50:46.0452 4300 Wd - ok
17:50:46.0505 4300 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:50:46.0523 4300 Wdf01000 - ok
17:50:46.0539 4300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:50:46.0544 4300 WdiServiceHost - ok
17:50:46.0548 4300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:50:46.0551 4300 WdiSystemHost - ok
17:50:46.0564 4300 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:50:46.0571 4300 WebClient - ok
17:50:46.0582 4300 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:50:46.0588 4300 Wecsvc - ok
17:50:46.0600 4300 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:50:46.0604 4300 wercplsupport - ok
17:50:46.0622 4300 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:50:46.0627 4300 WerSvc - ok
17:50:46.0633 4300 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:50:46.0634 4300 WfpLwf - ok
17:50:46.0646 4300 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:50:46.0648 4300 WIMMount - ok
17:50:46.0651 4300 WinDefend - ok
17:50:46.0659 4300 WinHttpAutoProxySvc - ok
17:50:46.0706 4300 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:50:46.0711 4300 Winmgmt - ok
17:50:46.0756 4300 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:50:46.0799 4300 WinRM - ok
17:50:46.0825 4300 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:50:46.0827 4300 WinUsb - ok
17:50:46.0849 4300 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:50:46.0875 4300 Wlansvc - ok
17:50:47.0102 4300 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:50:47.0155 4300 wlidsvc - ok
17:50:47.0174 4300 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:50:47.0175 4300 WmiAcpi - ok
17:50:47.0196 4300 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:50:47.0199 4300 wmiApSrv - ok
17:50:47.0210 4300 WMPNetworkSvc - ok
17:50:47.0217 4300 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:50:47.0220 4300 WPCSvc - ok
17:50:47.0233 4300 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:50:47.0237 4300 WPDBusEnum - ok
17:50:47.0244 4300 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:50:47.0246 4300 ws2ifsl - ok
17:50:47.0252 4300 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:50:47.0256 4300 wscsvc - ok
17:50:47.0258 4300 WSearch - ok
17:50:47.0341 4300 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:50:47.0381 4300 wuauserv - ok
17:50:47.0436 4300 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:50:47.0449 4300 WudfPf - ok
17:50:47.0469 4300 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:47.0475 4300 WUDFRd - ok
17:50:47.0503 4300 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:50:47.0508 4300 wudfsvc - ok
17:50:47.0537 4300 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:50:47.0554 4300 WwanSvc - ok
17:50:47.0612 4300 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
17:50:47.0637 4300 xnacc - ok
17:50:47.0666 4300 ================ Scan global ===============================
17:50:47.0680 4300 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:50:47.0720 4300 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:50:47.0753 4300 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:50:47.0768 4300 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:50:47.0788 4300 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:50:47.0794 4300 [Global] - ok
17:50:47.0796 4300 ================ Scan MBR ==================================
17:50:47.0808 4300 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:50:48.0960 4300 \Device\Harddisk0\DR0 - ok
17:50:48.0961 4300 ================ Scan VBR ==================================
17:50:48.0963 4300 [ 03A8FB0CFAC06DE4282841822A029FD0 ] \Device\Harddisk0\DR0\Partition1
17:50:48.0966 4300 \Device\Harddisk0\DR0\Partition1 - ok
17:50:48.0992 4300 [ 626C77A0A0117D885F24162A87A11429 ] \Device\Harddisk0\DR0\Partition2
17:50:48.0996 4300 \Device\Harddisk0\DR0\Partition2 - ok
17:50:48.0996 4300 ============================================================
17:50:48.0996 4300 Scan finished
17:50:48.0996 4300 ============================================================
17:50:49.0003 2672 Detected object count: 0
17:50:49.0003 2672 Actual detected object count: 0
17:51:19.0464 4436 ============================================================
17:51:19.0464 4436 Scan started
17:51:19.0464 4436 Mode: Manual; SigCheck; TDLFS;
17:51:19.0464 4436 ============================================================
17:51:19.0800 4436 ================ Scan system memory ========================
17:51:19.0800 4436 System memory - ok
17:51:19.0801 4436 ================ Scan services =============================
17:51:19.0999 4436 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:51:20.0116 4436 1394ohci - ok
17:51:20.0129 4436 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:51:20.0143 4436 ACPI - ok
17:51:20.0157 4436 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:51:20.0241 4436 AcpiPmi - ok
17:51:20.0368 4436 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:51:20.0387 4436 AdobeARMservice - ok
17:51:20.0420 4436 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:51:20.0444 4436 adp94xx - ok
17:51:20.0457 4436 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:51:20.0470 4436 adpahci - ok
17:51:20.0497 4436 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:51:20.0508 4436 adpu320 - ok
17:51:20.0545 4436 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:51:20.0611 4436 AeLookupSvc - ok
17:51:20.0675 4436 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:51:20.0711 4436 AFD - ok
17:51:20.0722 4436 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:51:20.0731 4436 agp440 - ok
17:51:20.0747 4436 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:51:20.0783 4436 ALG - ok
17:51:20.0798 4436 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:51:20.0807 4436 aliide - ok
17:51:20.0856 4436 [ B3E801135E0C81733542C14D9AA8120A ] Alpham1 C:\Windows\system32\DRIVERS\Alpham164.sys
17:51:20.0927 4436 Alpham1 - ok
17:51:20.0973 4436 [ 6493983FEDBC49D9112703ECE9B251FE ] Alpham2 C:\Windows\system32\DRIVERS\Alpham264.sys
17:51:21.0014 4436 Alpham2 - ok
17:51:21.0061 4436 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:51:21.0140 4436 AMD External Events Utility - ok
17:51:21.0180 4436 AMD FUEL Service - ok
17:51:21.0196 4436 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:51:21.0215 4436 amdide - ok
17:51:21.0250 4436 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
17:51:21.0275 4436 amdiox64 - ok
17:51:21.0296 4436 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:51:21.0308 4436 AmdK8 - ok
17:51:21.0508 4436 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:51:21.0613 4436 amdkmdag - ok
17:51:21.0662 4436 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:51:21.0697 4436 amdkmdap - ok
17:51:21.0706 4436 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:51:21.0748 4436 AmdPPM - ok
17:51:21.0780 4436 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:51:21.0797 4436 amdsata - ok
17:51:21.0813 4436 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:51:21.0824 4436 amdsbs - ok
17:51:21.0838 4436 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:51:21.0847 4436 amdxata - ok
17:51:21.0870 4436 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:51:21.0879 4436 AODDriver4.2 - ok
17:51:21.0890 4436 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:51:21.0970 4436 AppID - ok
17:51:21.0985 4436 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:51:22.0011 4436 AppIDSvc - ok
17:51:22.0020 4436 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:51:22.0046 4436 Appinfo - ok
17:51:22.0115 4436 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:51:22.0135 4436 Apple Mobile Device - ok
17:51:22.0163 4436 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:51:22.0182 4436 AppMgmt - ok
17:51:22.0200 4436 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:51:22.0208 4436 arc - ok
17:51:22.0224 4436 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:51:22.0232 4436 arcsas - ok
17:51:22.0381 4436 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:51:22.0390 4436 aspnet_state - ok
17:51:22.0403 4436 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:51:22.0435 4436 AsyncMac - ok
17:51:22.0450 4436 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:51:22.0457 4436 atapi - ok
17:51:22.0523 4436 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:51:22.0542 4436 AtiHDAudioService - ok
17:51:22.0593 4436 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:51:22.0645 4436 AudioEndpointBuilder - ok
17:51:22.0711 4436 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:51:22.0752 4436 AudioSrv - ok
17:51:22.0767 4436 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:51:22.0825 4436 AxInstSV - ok
17:51:22.0853 4436 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:51:22.0908 4436 b06bdrv - ok
17:51:22.0932 4436 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:51:22.0962 4436 b57nd60a - ok
17:51:22.0970 4436 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:51:23.0013 4436 BDESVC - ok
17:51:23.0029 4436 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:51:23.0095 4436 Beep - ok
17:51:23.0163 4436 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:51:23.0195 4436 BFE - ok
17:51:23.0229 4436 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:51:23.0263 4436 BITS - ok
17:51:23.0275 4436 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:51:23.0283 4436 blbdrive - ok
17:51:23.0354 4436 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:51:23.0366 4436 Bonjour Service - ok
17:51:23.0387 4436 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:51:23.0441 4436 bowser - ok
17:51:23.0458 4436 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:51:23.0484 4436 BrFiltLo - ok
17:51:23.0498 4436 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:51:23.0509 4436 BrFiltUp - ok
17:51:23.0532 4436 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:51:23.0560 4436 BridgeMP - ok
17:51:23.0617 4436 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:51:23.0640 4436 Browser - ok
17:51:23.0691 4436 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:51:23.0747 4436 Brserid - ok
17:51:23.0768 4436 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:51:23.0799 4436 BrSerWdm - ok
17:51:23.0820 4436 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:51:23.0847 4436 BrUsbMdm - ok
17:51:23.0850 4436 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:51:23.0858 4436 BrUsbSer - ok
17:51:23.0878 4436 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:51:23.0888 4436 BTHMODEM - ok
17:51:23.0901 4436 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:51:23.0947 4436 bthserv - ok
17:51:23.0949 4436 catchme - ok
17:51:23.0966 4436 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:51:23.0997 4436 cdfs - ok
17:51:24.0008 4436 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:51:24.0047 4436 cdrom - ok
17:51:24.0073 4436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:51:24.0135 4436 CertPropSvc - ok
17:51:24.0151 4436 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
17:51:24.0169 4436 circlass - ok
17:51:24.0207 4436 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:51:24.0219 4436 CLFS - ok
17:51:24.0266 4436 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:51:24.0279 4436 clr_optimization_v2.0.50727_32 - ok
17:51:24.0342 4436 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:51:24.0361 4436 clr_optimization_v2.0.50727_64 - ok
17:51:24.0551 4436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:51:24.0571 4436 clr_optimization_v4.0.30319_32 - ok
17:51:24.0584 4436 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:51:24.0596 4436 clr_optimization_v4.0.30319_64 - ok
17:51:24.0611 4436 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:51:24.0633 4436 CmBatt - ok
17:51:24.0652 4436 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:51:24.0671 4436 cmdide - ok
17:51:24.0717 4436 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:51:24.0757 4436 CNG - ok
17:51:24.0781 4436 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:51:24.0789 4436 Compbatt - ok
17:51:24.0809 4436 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:51:24.0821 4436 CompositeBus - ok
17:51:24.0824 4436 COMSysApp - ok
17:51:24.0860 4436 [ 75DBD5DB9892D7451D0429BEC1AABE1A ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
17:51:24.0868 4436 cpuz135 - ok
17:51:24.0877 4436 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:51:24.0885 4436 crcdisk - ok
17:51:24.0927 4436 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:51:24.0936 4436 CryptSvc - ok
17:51:24.0991 4436 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:51:25.0040 4436 CSC - ok
17:51:25.0090 4436 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:51:25.0127 4436 CscService - ok
17:51:25.0227 4436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:51:25.0275 4436 DcomLaunch - ok
17:51:25.0333 4436 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:51:25.0377 4436 defragsvc - ok
17:51:25.0386 4436 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:51:25.0452 4436 DfsC - ok
17:51:25.0539 4436 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:51:25.0614 4436 Dhcp - ok
17:51:25.0632 4436 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:51:25.0717 4436 discache - ok
17:51:25.0745 4436 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
17:51:25.0754 4436 Disk - ok
17:51:25.0783 4436 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
17:51:25.0802 4436 dmvsc - ok
17:51:25.0815 4436 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:51:25.0872 4436 Dnscache - ok
17:51:25.0905 4436 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:51:25.0980 4436 dot3svc - ok
17:51:25.0999 4436 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:51:26.0047 4436 DPS - ok
17:51:26.0077 4436 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:51:26.0129 4436 drmkaud - ok
17:51:26.0182 4436 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:51:26.0203 4436 dtsoftbus01 - ok
17:51:26.0276 4436 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:51:26.0317 4436 DXGKrnl - ok
17:51:26.0361 4436 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:51:26.0408 4436 EapHost - ok
17:51:26.0603 4436 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:51:26.0648 4436 ebdrv - ok
17:51:26.0680 4436 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:51:26.0689 4436 EFS - ok
17:51:26.0771 4436 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:51:26.0862 4436 ehRecvr - ok
17:51:26.0878 4436 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:51:26.0892 4436 ehSched - ok
17:51:26.0914 4436 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:51:26.0928 4436 elxstor - ok
17:51:26.0941 4436 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:51:26.0972 4436 ErrDev - ok
17:51:27.0024 4436 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:51:27.0054 4436 EventSystem - ok
17:51:27.0089 4436 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:51:27.0116 4436 exfat - ok
17:51:27.0132 4436 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:51:27.0203 4436 fastfat - ok
17:51:27.0231 4436 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:51:27.0297 4436 Fax - ok
17:51:27.0310 4436 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
17:51:27.0343 4436 fdc - ok
17:51:27.0365 4436 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:51:27.0405 4436 fdPHost - ok
17:51:27.0420 4436 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:51:27.0446 4436 FDResPub - ok
17:51:27.0454 4436 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:51:27.0461 4436 FileInfo - ok
17:51:27.0470 4436 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:51:27.0563 4436 Filetrace - ok
17:51:27.0568 4436 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:51:27.0577 4436 flpydisk - ok
17:51:27.0600 4436 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:51:27.0610 4436 FltMgr - ok
17:51:27.0709 4436 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:51:27.0770 4436 FontCache - ok
17:51:27.0800 4436 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:51:27.0810 4436 FontCache3.0.0.0 - ok
17:51:27.0837 4436 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:51:27.0849 4436 FsDepends - ok
17:51:27.0907 4436 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:51:27.0927 4436 Fs_Rec - ok
17:51:27.0969 4436 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:51:27.0997 4436 fvevol - ok
17:51:28.0016 4436 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:51:28.0028 4436 gagp30kx - ok
17:51:28.0045 4436 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:51:28.0054 4436 GEARAspiWDM - ok
17:51:28.0122 4436 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:51:28.0165 4436 gpsvc - ok
17:51:28.0179 4436 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:51:28.0232 4436 hcw85cir - ok
17:51:28.0256 4436 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:51:28.0294 4436 HdAudAddService - ok
17:51:28.0319 4436 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:51:28.0368 4436 HDAudBus - ok
17:51:28.0390 4436 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:51:28.0402 4436 HidBatt - ok
17:51:28.0416 4436 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:51:28.0459 4436 HidBth - ok
17:51:28.0484 4436 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:51:28.0496 4436 HidIr - ok
17:51:28.0509 4436 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:51:28.0578 4436 hidserv - ok
17:51:28.0598 4436 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:51:28.0606 4436 HidUsb - ok
17:51:28.0644 4436 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:51:28.0722 4436 hkmsvc - ok
17:51:28.0739 4436 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:51:28.0758 4436 HomeGroupListener - ok
17:51:28.0769 4436 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:51:28.0799 4436 HomeGroupProvider - ok
17:51:28.0816 4436 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:51:28.0824 4436 HpSAMD - ok
17:51:28.0853 4436 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:51:28.0909 4436 HTTP - ok
17:51:28.0926 4436 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:51:28.0934 4436 hwpolicy - ok
17:51:28.0952 4436 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:51:28.0961 4436 i8042prt - ok
17:51:29.0044 4436 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:51:29.0057 4436 iaStorV - ok
17:51:29.0157 4436 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:51:29.0173 4436 idsvc - ok
17:51:29.0190 4436 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:51:29.0197 4436 iirsp - ok
17:51:29.0276 4436 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:51:29.0354 4436 IKEEXT - ok
17:51:29.0369 4436 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:51:29.0380 4436 intelide - ok
17:51:29.0398 4436 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
17:51:29.0428 4436 intelppm - ok
17:51:29.0450 4436 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:51:29.0513 4436 IPBusEnum - ok
17:51:29.0535 4436 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:51:29.0561 4436 IpFilterDriver - ok
17:51:29.0600 4436 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:51:29.0656 4436 iphlpsvc - ok
17:51:29.0685 4436 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:51:29.0727 4436 IPMIDRV - ok
17:51:29.0747 4436 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:51:29.0807 4436 IPNAT - ok
17:51:29.0870 4436 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:51:29.0900 4436 iPod Service - ok
17:51:29.0913 4436 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:51:29.0924 4436 IRENUM - ok
17:51:29.0942 4436 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:51:29.0949 4436 isapnp - ok
17:51:29.0998 4436 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:51:30.0022 4436 iScsiPrt - ok
17:51:30.0038 4436 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:51:30.0047 4436 kbdclass - ok
17:51:30.0064 4436 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:51:30.0075 4436 kbdhid - ok
17:51:30.0087 4436 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:51:30.0097 4436 KeyIso - ok
17:51:30.0145 4436 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:51:30.0163 4436 KSecDD - ok
17:51:30.0190 4436 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:51:30.0212 4436 KSecPkg - ok
17:51:30.0251 4436 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:51:30.0337 4436 ksthunk - ok
17:51:30.0442 4436 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:51:30.0527 4436 KtmRm - ok
17:51:30.0571 4436 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:51:30.0645 4436 LanmanServer - ok
17:51:30.0674 4436 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:51:30.0754 4436 LanmanWorkstation - ok
17:51:30.0762 4436 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:51:30.0812 4436 lltdio - ok
17:51:30.0841 4436 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:51:30.0871 4436 lltdsvc - ok
17:51:30.0875 4436 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:51:30.0902 4436 lmhosts - ok
17:51:30.0923 4436 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:51:30.0932 4436 LSI_FC - ok
17:51:30.0951 4436 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:51:30.0959 4436 LSI_SAS - ok
17:51:30.0991 4436 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:51:30.0999 4436 LSI_SAS2 - ok
17:51:31.0036 4436 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:51:31.0044 4436 LSI_SCSI - ok
17:51:31.0090 4436 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:51:31.0178 4436 luafv - ok
17:51:31.0234 4436 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:51:31.0251 4436 MBAMProtector - ok
17:51:31.0364 4436 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:51:31.0386 4436 MBAMScheduler - ok
17:51:31.0439 4436 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:51:31.0472 4436 MBAMService - ok
17:51:31.0506 4436 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:51:31.0530 4436 Mcx2Svc - ok
17:51:31.0580 4436 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:51:31.0598 4436 megasas - ok
17:51:31.0633 4436 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:51:31.0652 4436 MegaSR - ok
17:51:31.0676 4436 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:51:31.0743 4436 MMCSS - ok
17:51:31.0757 4436 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:51:31.0796 4436 Modem - ok
17:51:31.0815 4436 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:51:31.0866 4436 monitor - ok
17:51:31.0886 4436 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:51:31.0895 4436 mouclass - ok
17:51:31.0902 4436 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:51:31.0935 4436 mouhid - ok
17:51:31.0956 4436 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:51:31.0966 4436 mountmgr - ok
17:51:31.0971 4436 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:51:31.0982 4436 mpio - ok
17:51:31.0988 4436 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:51:32.0014 4436 mpsdrv - ok
17:51:32.0124 4436 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:51:32.0181 4436 MpsSvc - ok
17:51:32.0197 4436 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:51:32.0227 4436 MRxDAV - ok
17:51:32.0248 4436 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:51:32.0268 4436 mrxsmb - ok
17:51:32.0279 4436 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:51:32.0289 4436 mrxsmb10 - ok
17:51:32.0309 4436 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:51:32.0317 4436 mrxsmb20 - ok
17:51:32.0332 4436 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:51:32.0339 4436 msahci - ok
17:51:32.0343 4436 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:51:32.0352 4436 msdsm - ok
17:51:32.0370 4436 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:51:32.0380 4436 MSDTC - ok
17:51:32.0410 4436 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:51:32.0436 4436 Msfs - ok
17:51:32.0468 4436 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:51:32.0495 4436 mshidkmdf - ok
17:51:32.0503 4436 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:51:32.0511 4436 msisadrv - ok
17:51:32.0536 4436 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:51:32.0621 4436 MSiSCSI - ok
17:51:32.0625 4436 msiserver - ok
17:51:32.0653 4436 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:51:32.0681 4436 MSKSSRV - ok
17:51:32.0686 4436 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:51:32.0739 4436 MSPCLOCK - ok
17:51:32.0755 4436 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:51:32.0796 4436 MSPQM - ok
17:51:32.0829 4436 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:51:32.0841 4436 MsRPC - ok
17:51:32.0857 4436 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:51:32.0864 4436 mssmbios - ok
17:51:32.0868 4436 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:51:32.0915 4436 MSTEE - ok
17:51:32.0946 4436 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:51:32.0954 4436 MTConfig - ok
17:51:32.0967 4436 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:51:32.0975 4436 Mup - ok
17:51:33.0002 4436 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:51:33.0061 4436 napagent - ok
17:51:33.0113 4436 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:51:33.0172 4436 NativeWifiP - ok
17:51:33.0295 4436 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:51:33.0336 4436 NDIS - ok
17:51:33.0349 4436 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:51:33.0381 4436 NdisCap - ok
17:51:33.0385 4436 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:51:33.0412 4436 NdisTapi - ok
17:51:33.0425 4436 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:51:33.0467 4436 Ndisuio - ok
17:51:33.0491 4436 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:51:33.0540 4436 NdisWan - ok
17:51:33.0562 4436 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:51:33.0587 4436 NDProxy - ok
17:51:33.0617 4436 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
17:51:33.0678 4436 Netaapl - ok
17:51:33.0689 4436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:51:33.0753 4436 NetBIOS - ok
17:51:33.0775 4436 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:51:33.0802 4436 NetBT - ok
17:51:33.0810 4436 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:51:33.0818 4436 Netlogon - ok
17:51:33.0877 4436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:51:33.0925 4436 Netman - ok
17:51:33.0993 4436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:51:34.0013 4436 NetMsmqActivator - ok
17:51:34.0042 4436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:51:34.0052 4436 NetPipeActivator - ok
17:51:34.0119 4436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:51:34.0190 4436 netprofm - ok
17:51:34.0208 4436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:51:34.0216 4436 NetTcpActivator - ok
17:51:34.0226 4436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:51:34.0233 4436 NetTcpPortSharing - ok
17:51:34.0249 4436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:51:34.0256 4436 nfrd960 - ok
17:51:34.0280 4436 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:51:34.0291 4436 NlaSvc - ok
17:51:34.0310 4436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:51:34.0336 4436 Npfs - ok
17:51:34.0347 4436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:51:34.0373 4436 nsi - ok
17:51:34.0381 4436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:51:34.0453 4436 nsiproxy - ok
17:51:34.0590 4436 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:51:34.0633 4436 Ntfs - ok
17:51:34.0657 4436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:51:34.0685 4436 Null - ok
17:51:34.0732 4436 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
17:51:34.0786 4436 NVENETFD - ok
17:51:34.0815 4436 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:51:34.0824 4436 nvraid - ok
17:51:34.0847 4436 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:51:34.0856 4436 nvstor - ok
17:51:34.0873 4436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:51:34.0882 4436 nv_agp - ok
17:51:34.0894 4436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:51:34.0902 4436 ohci1394 - ok
17:51:35.0013 4436 [ 23E03977052162A348ADD43621C2CAB4 ] OverwolfUpdaterService C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
17:51:35.0020 4436 OverwolfUpdaterService - ok
17:51:35.0048 4436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:51:35.0104 4436 p2pimsvc - ok
17:51:35.0123 4436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:51:35.0135 4436 p2psvc - ok
17:51:35.0146 4436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:51:35.0155 4436 Parport - ok
17:51:35.0176 4436 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:51:35.0184 4436 partmgr - ok
17:51:35.0203 4436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:51:35.0251 4436 PcaSvc - ok
17:51:35.0283 4436 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:51:35.0308 4436 pci - ok
17:51:35.0325 4436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:51:35.0334 4436 pciide - ok
17:51:35.0375 4436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:51:35.0400 4436 pcmcia - ok
17:51:35.0420 4436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:51:35.0428 4436 pcw - ok
17:51:35.0499 4436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:51:35.0570 4436 PEAUTH - ok
17:51:35.0676 4436 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:51:35.0746 4436 PeerDistSvc - ok
17:51:35.0858 4436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:51:35.0911 4436 PerfHost - ok
17:51:35.0967 4436 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:51:36.0016 4436 pla - ok
17:51:36.0038 4436 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:51:36.0082 4436 PlugPlay - ok
17:51:36.0085 4436 PnkBstrA - ok
17:51:36.0092 4436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:51:36.0133 4436 PNRPAutoReg - ok
17:51:36.0173 4436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:51:36.0188 4436 PNRPsvc - ok
17:51:36.0226 4436 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:51:36.0317 4436 PolicyAgent - ok
17:51:36.0347 4436 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:51:36.0398 4436 Power - ok
17:51:36.0440 4436 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:51:36.0499 4436 PptpMiniport - ok
17:51:36.0542 4436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:51:36.0583 4436 Processor - ok
17:51:36.0616 4436 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:51:36.0682 4436 ProfSvc - ok
17:51:36.0700 4436 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:51:36.0721 4436 ProtectedStorage - ok
17:51:36.0732 4436 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:51:36.0784 4436 Psched - ok
17:51:36.0912 4436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:51:36.0944 4436 ql2300 - ok
17:51:36.0962 4436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:51:36.0971 4436 ql40xx - ok
17:51:36.0988 4436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:51:37.0003 4436 QWAVE - ok
17:51:37.0009 4436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:51:37.0021 4436 QWAVEdrv - ok
17:51:37.0029 4436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:51:37.0055 4436 RasAcd - ok
17:51:37.0073 4436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:51:37.0100 4436 RasAgileVpn - ok
17:51:37.0114 4436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:51:37.0142 4436 RasAuto - ok
17:51:37.0151 4436 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:51:37.0190 4436 Rasl2tp - ok
17:51:37.0212 4436 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:51:37.0242 4436 RasMan - ok
17:51:37.0250 4436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:51:37.0277 4436 RasPppoe - ok
17:51:37.0285 4436 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:51:37.0312 4436 RasSstp - ok
17:51:37.0326 4436 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:51:37.0373 4436 rdbss - ok
17:51:37.0390 4436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:51:37.0400 4436 rdpbus - ok
17:51:37.0406 4436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:51:37.0433 4436 RDPCDD - ok
17:51:37.0453 4436 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:51:37.0473 4436 RDPDR - ok
17:51:37.0485 4436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:51:37.0511 4436 RDPENCDD - ok
17:51:37.0523 4436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:51:37.0574 4436 RDPREFMP - ok
17:51:37.0624 4436 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:51:37.0691 4436 RdpVideoMiniport - ok
17:51:37.0710 4436 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:51:37.0735 4436 RDPWD - ok
17:51:37.0753 4436 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:51:37.0765 4436 rdyboost - ok
17:51:37.0779 4436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:51:37.0826 4436 RemoteAccess - ok
17:51:37.0850 4436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:51:37.0878 4436 RemoteRegistry - ok
17:51:37.0892 4436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:51:37.0919 4436 RpcEptMapper - ok
17:51:37.0938 4436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:51:37.0947 4436 RpcLocator - ok
17:51:37.0963 4436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
17:51:37.0994 4436 RpcSs - ok
17:51:38.0003 4436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:51:38.0029 4436 rspndr - ok
17:51:38.0054 4436 [ A2DD7CBB1F86F4540DDDE7352CA36666 ] rzdaendpt C:\Windows\system32\DRIVERS\rzdaendpt.sys
17:51:38.0067 4436 rzdaendpt - ok
17:51:38.0080 4436 [ EB37B46FDCAF4128038FCE58CB63C22D ] rzendpt C:\Windows\system32\DRIVERS\rzendpt.sys
17:51:38.0088 4436 rzendpt - ok
17:51:38.0136 4436 [ C5E1A5C17FA2CC83C2BB2167B0895100 ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys
17:51:38.0164 4436 rzudd - ok
17:51:38.0171 4436 [ D3EEBB51A9E16B27CA79D06F6BC678D5 ] rzvkeyboard C:\Windows\system32\DRIVERS\rzvkeyboard.sys
17:51:38.0203 4436 rzvkeyboard - ok
17:51:38.0222 4436 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:51:38.0249 4436 s3cap - ok
17:51:38.0266 4436 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:51:38.0275 4436 SamSs - ok
17:51:38.0295 4436 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:51:38.0305 4436 sbp2port - ok
17:51:38.0319 4436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:51:38.0351 4436 SCardSvr - ok
17:51:38.0387 4436 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
17:51:38.0395 4436 SCDEmu - ok
17:51:38.0403 4436 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:51:38.0447 4436 scfilter - ok
17:51:38.0483 4436 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:51:38.0518 4436 Schedule - ok
17:51:38.0540 4436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:51:38.0565 4436 SCPolicySvc - ok
17:51:38.0578 4436 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:51:38.0596 4436 SDRSVC - ok
17:51:38.0607 4436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:51:38.0647 4436 secdrv - ok
17:51:38.0670 4436 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:51:38.0696 4436 seclogon - ok
17:51:38.0717 4436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:51:38.0784 4436 SENS - ok
17:51:38.0789 4436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:51:38.0819 4436 SensrSvc - ok
17:51:38.0822 4436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:51:38.0830 4436 Serenum - ok
17:51:38.0840 4436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:51:38.0872 4436 Serial - ok
17:51:38.0891 4436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:51:38.0918 4436 sermouse - ok
17:51:38.0942 4436 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:51:39.0011 4436 SessionEnv - ok
17:51:39.0034 4436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:51:39.0044 4436 sffdisk - ok
17:51:39.0048 4436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:51:39.0072 4436 sffp_mmc - ok
17:51:39.0090 4436 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:51:39.0115 4436 sffp_sd - ok
17:51:39.0131 4436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:51:39.0139 4436 sfloppy - ok
17:51:39.0159 4436 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:51:39.0190 4436 SharedAccess - ok
17:51:39.0208 4436 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:51:39.0237 4436 ShellHWDetection - ok
17:51:39.0249 4436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:51:39.0256 4436 SiSRaid2 - ok
17:51:39.0265 4436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:51:39.0273 4436 SiSRaid4 - ok
17:51:39.0297 4436 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:51:39.0305 4436 SkypeUpdate - ok
17:51:39.0320 4436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:51:39.0347 4436 Smb - ok
17:51:39.0361 4436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:51:39.0407 4436 SNMPTRAP - ok
17:51:39.0414 4436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:51:39.0426 4436 spldr - ok
17:51:39.0463 4436 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:51:39.0479 4436 Spooler - ok
17:51:39.0533 4436 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:51:39.0592 4436 sppsvc - ok
17:51:39.0599 4436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:51:39.0627 4436 sppuinotify - ok
17:51:39.0679 4436 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
17:51:39.0714 4436 sptd - ok
17:51:39.0739 4436 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:51:39.0765 4436 srv - ok
17:51:39.0782 4436 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:51:39.0812 4436 srv2 - ok
17:51:39.0837 4436 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:51:39.0848 4436 srvnet - ok
17:51:39.0861 4436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:51:39.0891 4436 SSDPSRV - ok
17:51:39.0936 4436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:51:39.0999 4436 SstpSvc - ok
17:51:40.0030 4436 Steam Client Service - ok
17:51:40.0055 4436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:51:40.0076 4436 stexstor - ok
17:51:40.0138 4436 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:51:40.0205 4436 stisvc - ok
17:51:40.0235 4436 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:51:40.0250 4436 storflt - ok
17:51:40.0272 4436 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:51:40.0281 4436 storvsc - ok
17:51:40.0301 4436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:51:40.0309 4436 swenum - ok
17:51:40.0491 4436 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:51:40.0550 4436 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:51:40.0550 4436 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:51:40.0587 4436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:51:40.0674 4436 swprv - ok
17:51:40.0699 4436 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
17:51:40.0708 4436 Synth3dVsc - ok
17:51:40.0803 4436 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:51:40.0857 4436 SysMain - ok
17:51:40.0881 4436 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:51:40.0895 4436 TabletInputService - ok
17:51:40.0928 4436 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
17:51:40.0979 4436 tap0901t ( UnsignedFile.Multi.Generic ) - warning
17:51:40.0979 4436 tap0901t - detected UnsignedFile.Multi.Generic (1)
17:51:40.0999 4436 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:51:41.0039 4436 TapiSrv - ok
17:51:41.0052 4436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:51:41.0083 4436 TBS - ok
17:51:41.0224 4436 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:51:41.0273 4436 Tcpip - ok
17:51:41.0424 4436 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:51:41.0463 4436 TCPIP6 - ok
17:51:41.0480 4436 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:51:41.0487 4436 tcpipreg - ok
17:51:41.0506 4436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:51:41.0577 4436 TDPIPE - ok
17:51:41.0601 4436 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:51:41.0642 4436 TDTCP - ok
17:51:41.0664 4436 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:51:41.0713 4436 tdx - ok
17:51:41.0723 4436 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:51:41.0732 4436 TermDD - ok
17:51:41.0753 4436 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
17:51:41.0796 4436 terminpt - ok
17:51:41.0816 4436 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:51:41.0855 4436 TermService - ok
17:51:41.0869 4436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:51:41.0882 4436 Themes - ok
17:51:41.0896 4436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:51:41.0923 4436 THREADORDER - ok
17:51:41.0947 4436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:51:42.0031 4436 TrkWks - ok
17:51:42.0086 4436 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:51:42.0125 4436 TrustedInstaller - ok
17:51:42.0134 4436 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:51:42.0182 4436 tssecsrv - ok
17:51:42.0198 4436 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:51:42.0214 4436 TsUsbFlt - ok
17:51:42.0227 4436 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:51:42.0235 4436 TsUsbGD - ok
17:51:42.0247 4436 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
17:51:42.0255 4436 tsusbhub - ok
17:51:42.0264 4436 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:51:42.0312 4436 tunnel - ok
17:51:42.0442 4436 [ 2FD0FE0A0C721C8E47C5A3AE16E519B1 ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
17:51:42.0479 4436 TunngleService - ok
17:51:42.0490 4436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:51:42.0499 4436 uagp35 - ok
17:51:42.0527 4436 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:51:42.0581 4436 udfs - ok
17:51:42.0615 4436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:51:42.0650 4436 UI0Detect - ok
17:51:42.0669 4436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:51:42.0677 4436 uliagpkx - ok
17:51:42.0688 4436 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:51:42.0736 4436 umbus - ok
17:51:42.0756 4436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:51:42.0788 4436 UmPass - ok
17:51:42.0834 4436 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
17:51:42.0881 4436 UmRdpService - ok
17:51:42.0913 4436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:51:42.0984 4436 upnphost - ok
17:51:43.0010 4436 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:51:43.0057 4436 USBAAPL64 - ok
17:51:43.0095 4436 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:51:43.0123 4436 usbaudio - ok
17:51:43.0163 4436 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:51:43.0195 4436 usbccgp - ok
17:51:43.0210 4436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:51:43.0226 4436 usbcir - ok
17:51:43.0314 4436 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:51:43.0330 4436 usbehci - ok
17:51:43.0351 4436 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:51:43.0361 4436 usbhub - ok
17:51:43.0479 4436 [ F9B3054339A71F16430F6585EBC8BE96 ] USBMULCD C:\Windows\system32\drivers\CM10664.sys
17:51:43.0526 4436 USBMULCD - ok
17:51:43.0539 4436 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:51:43.0574 4436 usbohci - ok
17:51:43.0598 4436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:51:43.0641 4436 usbprint - ok
17:51:43.0664 4436 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:51:43.0718 4436 USBSTOR - ok
17:51:43.0731 4436 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:51:43.0765 4436 usbuhci - ok
17:51:43.0769 4436 UserAccess7 - ok
17:51:43.0792 4436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:51:43.0859 4436 UxSms - ok
17:51:43.0888 4436 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:51:43.0896 4436 VaultSvc - ok
17:51:43.0969 4436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:51:43.0977 4436 vdrvroot - ok
17:51:44.0120 4436 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:51:44.0171 4436 vds - ok
17:51:44.0192 4436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:51:44.0202 4436 vga - ok
17:51:44.0216 4436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:51:44.0269 4436 VgaSave - ok
17:51:44.0271 4436 VGPU - ok
17:51:44.0296 4436 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:51:44.0305 4436 vhdmp - ok
17:51:44.0322 4436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:51:44.0330 4436 viaide - ok
17:51:44.0378 4436 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:51:44.0401 4436 vmbus - ok
17:51:44.0491 4436 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:51:44.0543 4436 VMBusHID - ok
17:51:44.0563 4436 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:51:44.0575 4436 volmgr - ok
17:51:44.0587 4436 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:51:44.0598 4436 volmgrx - ok
17:51:44.0614 4436 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:51:44.0624 4436 volsnap - ok
17:51:44.0653 4436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:51:44.0662 4436 vsmraid - ok
17:51:44.0851 4436 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:51:44.0962 4436 VSS - ok
17:51:44.0998 4436 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:51:45.0023 4436 vwifibus - ok
17:51:45.0194 4436 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:51:45.0244 4436 W32Time - ok
17:51:45.0273 4436 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:51:45.0304 4436 WacomPen - ok
17:51:45.0329 4436 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:51:45.0403 4436 WANARP - ok
17:51:45.0415 4436 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:51:45.0440 4436 Wanarpv6 - ok
17:51:45.0770 4436 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:51:45.0801 4436 WatAdminSvc - ok
17:51:45.0872 4436 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:51:45.0935 4436 wbengine - ok
17:51:45.0945 4436 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:51:45.0960 4436 WbioSrvc - ok
17:51:45.0974 4436 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:51:46.0010 4436 wcncsvc - ok
17:51:46.0031 4436 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:51:46.0049 4436 WcsPlugInService - ok
17:51:46.0059 4436 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:51:46.0066 4436 Wd - ok
17:51:46.0140 4436 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:51:46.0158 4436 Wdf01000 - ok
17:51:46.0181 4436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:51:46.0240 4436 WdiServiceHost - ok
17:51:46.0243 4436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:51:46.0257 4436 WdiSystemHost - ok
17:51:46.0273 4436 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:51:46.0306 4436 WebClient - ok
17:51:46.0331 4436 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:51:46.0361 4436 Wecsvc - ok
17:51:46.0375 4436 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:51:46.0403 4436 wercplsupport - ok
17:51:46.0414 4436 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:51:46.0442 4436 WerSvc - ok
17:51:46.0458 4436 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:51:46.0484 4436 WfpLwf - ok
17:51:46.0513 4436 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:51:46.0520 4436 WIMMount - ok
17:51:46.0532 4436 WinDefend - ok
17:51:46.0537 4436 WinHttpAutoProxySvc - ok
17:51:46.0595 4436 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:51:46.0642 4436 Winmgmt - ok
17:51:46.0748 4436 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:51:46.0811 4436 WinRM - ok
17:51:46.0833 4436 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:51:46.0843 4436 WinUsb - ok
17:51:46.0899 4436 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:51:46.0976 4436 Wlansvc - ok
17:51:47.0288 4436 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:51:47.0329 4436 wlidsvc - ok
17:51:47.0349 4436 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:51:47.0391 4436 WmiAcpi - ok
17:51:47.0421 4436 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:51:47.0456 4436 wmiApSrv - ok
17:51:47.0477 4436 WMPNetworkSvc - ok
17:51:47.0492 4436 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:51:47.0516 4436 WPCSvc - ok
17:51:47.0525 4436 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:51:47.0542 4436 WPDBusEnum - ok
17:51:47.0553 4436 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:51:47.0579 4436 ws2ifsl - ok
17:51:47.0586 4436 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:51:47.0627 4436 wscsvc - ok
17:51:47.0630 4436 WSearch - ok
17:51:47.0706 4436 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:51:47.0756 4436 wuauserv - ok
17:51:47.0811 4436 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:51:47.0845 4436 WudfPf - ok
17:51:47.0870 4436 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:51:47.0908 4436 WUDFRd - ok
17:51:47.0969 4436 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:51:48.0012 4436 wudfsvc - ok
17:51:48.0029 4436 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:51:48.0088 4436 WwanSvc - ok
17:51:48.0178 4436 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
17:51:48.0198 4436 xnacc - ok
17:51:48.0204 4436 ================ Scan global ===============================
17:51:48.0230 4436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:51:48.0277 4436 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:51:48.0285 4436 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:51:48.0293 4436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:51:48.0304 4436 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:51:48.0308 4436 [Global] - ok
17:51:48.0308 4436 ================ Scan MBR ==================================
17:51:48.0316 4436 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:51:50.0017 4436 \Device\Harddisk0\DR0 - ok
17:51:50.0018 4436 ================ Scan VBR ==================================
17:51:50.0031 4436 [ 03A8FB0CFAC06DE4282841822A029FD0 ] \Device\Harddisk0\DR0\Partition1
17:51:50.0059 4436 \Device\Harddisk0\DR0\Partition1 - ok
17:51:50.0075 4436 [ 626C77A0A0117D885F24162A87A11429 ] \Device\Harddisk0\DR0\Partition2
17:51:50.0099 4436 \Device\Harddisk0\DR0\Partition2 - ok
17:51:50.0100 4436 ============================================================
17:51:50.0100 4436 Scan finished
17:51:50.0100 4436 ============================================================
17:51:50.0116 4408 Detected object count: 2
17:51:50.0116 4408 Actual detected object count: 2
17:52:19.0533 4408 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:19.0533 4408 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:52:19.0534 4408 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
17:52:19.0534 4408 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:52:36.0099 4956 Deinitialize success


Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.22.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ben :: BEN-PC [administrator]

Protection: Disabled

22/01/2013 17:57:25
mbam-log-2013-01-22 (17-57-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232542
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/01/2013 18:17:12

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/01/2013 18:16:41
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 22/01/2013 18:15:21
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/01/2013 18:15:21
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
Could you run Combofix one more time and post the log? There were two user.dll files that looked suspicious. I'm hoping that sfc was able to fix them for us but I want to make sure.

Also let's do



Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#9
btaylor89

btaylor89

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
first

ComboFix 13-01-23.01 - Ben 23/01/2013 14:38:06.2.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8190.5838 [GMT 0:00]
Running from: c:\users\Ben\Desktop\Virus removal\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ben\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 15:00 . 2013-01-23 15:00 -------- d-----w- c:\users\Mcx1-BEN-PC\AppData\Local\temp
2013-01-23 15:00 . 2013-01-23 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-22 11:28 . 2013-01-22 11:28 -------- d-----w- c:\users\Ben\AppData\Local\Systweak
2013-01-22 11:28 . 2013-01-22 11:28 -------- d-----w- c:\users\Ben\AppData\Roaming\Systweak
2013-01-22 11:26 . 2013-01-22 11:26 -------- d-----w- c:\programdata\Systweak
2013-01-22 11:23 . 2013-01-22 11:23 -------- d-----w- C:\_OTL
2013-01-22 11:19 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{948BD58C-36AB-437D-A785-D3937C2EAEAE}\mpengine.dll
2013-01-21 11:50 . 2012-12-10 10:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2013-01-21 11:50 . 2012-12-10 10:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2013-01-21 11:50 . 2009-07-23 17:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll
2013-01-21 11:50 . 2009-07-23 17:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2013-01-19 17:54 . 2013-01-19 17:54 -------- d-----w- c:\users\Ben\AppData\Local\Programs
2013-01-19 17:53 . 2013-01-19 17:53 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2013-01-19 17:53 . 2013-01-19 17:53 -------- d-----w- c:\programdata\Malwarebytes
2013-01-19 15:15 . 2013-01-21 19:48 -------- d-----w- c:\users\Ben\AppData\Roaming\.Torrent Stream
2013-01-19 15:15 . 2013-01-19 15:16 -------- d-----w- c:\users\Ben\AppData\Roaming\TorrentStream
2013-01-13 18:58 . 2013-01-23 00:12 -------- d-----w- c:\users\Ben\AppData\Local\Purplizer
2013-01-09 08:47 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-07 19:05 . 2013-01-07 19:05 -------- d-----w- c:\program files (x86)\Common Files\Overwolf
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:56 . 2012-12-08 11:52 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-21 00:18 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 00:18 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:18 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 08:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-11 23:53 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-11 23:53 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-11 23:53 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-11 23:53 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-11 23:53 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-11 23:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-11 23:53 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-11 23:53 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-11 23:53 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-11 23:53 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-11 23:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-11 23:53 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-11 23:53 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-11 23:53 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-11 23:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-11 23:53 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-11 23:53 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-11 23:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-11 23:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-11 23:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-11 23:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-11 23:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-11 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-11 22:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-11 22:16 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-11 22:16 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-28 15:56 . 2012-10-28 15:56 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-28 15:56 . 2012-10-28 15:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-28 15:56 . 2012-10-28 15:56 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{504B410B-2B08-98AE-E2D8-55FEFDF8D59D}]
2012-11-11 20:55 129024 ----a-w- c:\programdata\Vaudix\50a010bf072b3.ocx
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2013-01-02 35256]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-07-07 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-08-09 316840]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-12-31 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2013-01-02 18360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 rzdaendpt;%rzdaendpt.SvcDesc%;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-07-31 26112]
R3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2012-07-31 21504]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-07-31 105984]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-07-31 22528]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-10-01 1307648]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-21 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-22 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3881410413-1527467530-2302416625-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 14:29]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3881410413-1527467530-2302416625-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 14:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-09 8151040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-RegClean Pro_is1 - c:\program files (x86)\RegClean Pro\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\UAService7.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-01-23 15:06:53 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-23 15:06
.
Pre-Run: 322,997,100,544 bytes free
Post-Run: 323,019,636,736 bytes free
.
- - End Of File - - 6C1E5BE8D9BD378943CA0348DF38D417

second

OTL logfile created on: 22/01/2013 20:40:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ben\Desktop\Virus removal
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.86 Gb Available Physical Memory | 73.32% Memory free
16.00 Gb Paging File | 13.10 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 301.84 Gb Free Space | 32.41% Space Free | Partition Type: NTFS
Drive E: | 3.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/21 11:59:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\Virus removal\OTL.exe
PRC - [2013/01/02 12:31:00 | 000,142,776 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Purplizer.exe
PRC - [2013/01/02 12:30:54 | 000,035,256 | ---- | M] (Overwolf) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/20 17:52:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/19 14:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\VaudiX\VaudiX.exe
PRC - [2012/08/09 22:43:02 | 000,316,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/07/17 10:36:10 | 000,143,360 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWOW64\UAService7.exe
PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/04/04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/22 09:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/22 17:44:10 | 000,112,318 | ---- | M] () -- C:\Users\Ben\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
MOD - [2013/01/10 12:07:08 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2024a7339aa5ad2712d239d454d3c355\System.Management.ni.dll
MOD - [2013/01/10 12:05:24 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\22c60ca3c2b18e041ebff2578c90cba3\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/10 12:05:24 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll
MOD - [2013/01/10 12:05:23 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll
MOD - [2013/01/10 12:05:22 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\84068bac0b3859c94652214e0b90dfc6\System.Xml.Linq.ni.dll
MOD - [2013/01/10 12:04:59 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/01/10 12:03:59 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\1149dca3c109f46c30cf25cb34873dd4\System.AddIn.ni.dll
MOD - [2013/01/10 12:03:59 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\4e9a3b9427dae6b94cb5ae1d134282ac\System.AddIn.Contract.ni.dll
MOD - [2013/01/10 12:03:34 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/09 23:48:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 23:48:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/09 23:47:55 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/09 23:47:50 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 23:47:50 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/09 23:47:50 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.Wrapper.dll
MOD - [2013/01/09 23:47:49 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll
MOD - [2013/01/09 23:47:42 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/09 23:47:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 23:47:25 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 23:47:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/01/09 23:47:22 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/09 23:47:14 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 23:47:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 23:47:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 23:47:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 23:47:01 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 09:01:49 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll
MOD - [2013/01/09 09:01:38 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll
MOD - [2013/01/09 09:01:36 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\08fca556cf3fe582233fa080cdbec8f1\System.Windows.Forms.ni.dll
MOD - [2013/01/09 09:01:33 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll
MOD - [2013/01/09 09:01:30 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/09 09:01:30 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll
MOD - [2013/01/09 09:01:28 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/09 09:01:28 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll
MOD - [2013/01/09 09:01:28 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7d6b122bee0977d953ee2409d74c3c25\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 09:01:27 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/09 09:01:22 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2013/01/08 00:06:22 | 000,460,392 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/08 00:06:21 | 012,459,624 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/08 00:06:19 | 004,012,648 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/08 00:05:29 | 000,598,120 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/08 00:05:28 | 000,124,520 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/08 00:05:25 | 001,553,000 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2013/01/02 12:31:10 | 000,633,784 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWServer.dll
MOD - [2013/01/02 12:31:10 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Overwolf\BrowserWindow.dll
MOD - [2013/01/02 12:31:10 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll
MOD - [2013/01/02 12:31:08 | 000,323,844 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libjabber.dll
MOD - [2013/01/02 12:31:08 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libfontconfig-1.dll
MOD - [2013/01/02 12:31:08 | 000,190,138 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libymsg.dll
MOD - [2013/01/02 12:31:08 | 000,118,712 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWService.dll
MOD - [2013/01/02 12:31:08 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libpangocairo-1.0-0.dll
MOD - [2013/01/02 12:31:08 | 000,083,896 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
MOD - [2013/01/02 12:31:08 | 000,037,304 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWInjector.dll
MOD - [2013/01/02 12:31:06 | 016,246,200 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
MOD - [2013/01/02 12:31:04 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libxml2-2.dll
MOD - [2013/01/02 12:31:04 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libpng14-14.dll
MOD - [2013/01/02 12:31:04 | 000,077,240 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorer-10615.dll
MOD - [2013/01/02 12:31:04 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Overwolf\SteamAPI.dll
MOD - [2013/01/02 12:31:02 | 000,402,360 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWAgent.dll
MOD - [2013/01/02 12:31:02 | 000,301,681 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\libmsn.dll
MOD - [2013/01/02 12:31:02 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Overwolf\CoreAudioApi.dll
MOD - [2013/01/02 12:31:00 | 000,142,776 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Purplizer.exe
MOD - [2013/01/02 12:31:00 | 000,018,706 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\ssl-nss.dll
MOD - [2013/01/02 12:30:56 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libexpat-1.dll
MOD - [2013/01/02 12:30:56 | 000,006,526 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\ssl.dll
MOD - [2013/01/02 12:30:54 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libcairo-2.dll
MOD - [2013/01/02 12:30:54 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\freetype6.dll
MOD - [2013/01/02 12:30:54 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\sqlite3.dll
MOD - [2013/01/02 12:30:54 | 000,037,304 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWLog.dll
MOD - [2013/01/02 12:30:54 | 000,016,330 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\libyahoo.dll
MOD - [2013/01/02 12:30:50 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\libgio-2.0-0.dll
MOD - [2013/01/02 12:30:50 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\zlib1.dll
MOD - [2013/01/02 12:30:50 | 000,016,371 | ---- | M] () -- C:\Program Files (x86)\Overwolf\Purplizer\Plugins\libxmpp.dll
MOD - [2012/01/04 02:50:53 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
MOD - [2011/02/16 12:38:44 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
MOD - [2010/11/21 03:24:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
MOD - [2010/11/21 03:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/21 03:24:07 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/07/14 01:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/10 21:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/02 12:30:50 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/11/15 14:55:34 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/20 17:52:00 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/17 10:36:10 | 000,143,360 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\Windows\SysWOW64\UAService7.exe -- (UserAccess7)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/23 11:28:32 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/09/22 18:55:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/31 08:22:06 | 000,026,112 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2012/07/31 08:22:04 | 000,022,528 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2012/07/31 08:22:00 | 000,105,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/07/31 08:21:58 | 000,021,504 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2012/05/14 06:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/03/26 13:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/09 09:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 03:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 03:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/12 08:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/01 10:04:54 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/07/23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 76 63 B6 80 50 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=1.0.6: C:\Users\Ben\AppData\Roaming\TorrentStream\player\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Ben\AppData\Roaming\TorrentStream\extensions\firefox\[email protected] [2013/01/19 16:03:38 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\
CHR - Extension: Vaudix = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgiboeohbaiebcfikafjkakabkahepg\1.3_0\

O1 HOSTS File: ([2013/01/22 17:44:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Vaudix Class) - {504B410B-2B08-98AE-E2D8-55FEFDF8D59D} - C:\ProgramData\Vaudix\50a010bf072b3.ocx ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BAAE1D2-A7BC-4A4C-BEE1-C13CBD6B8F41}: DhcpNameServer = 88.82.13.60 88.82.13.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA4DE073-7857-4CEE-8438-B3B5E3DB2E3B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/20 07:26:12 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk - - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 18:22:01 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Virus removal
[2013/01/22 17:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 17:56:58 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/22 17:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/22 17:48:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/22 17:44:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/22 17:35:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/22 17:35:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/22 17:35:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/22 17:35:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/22 17:34:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/22 11:28:55 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Systweak
[2013/01/22 11:28:41 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Systweak
[2013/01/22 11:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/01/22 11:23:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/21 11:50:45 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/01/21 11:50:45 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/01/21 11:50:45 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/01/21 11:50:45 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/01/19 17:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Programs
[2013/01/19 17:53:30 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Malwarebytes
[2013/01/19 17:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/19 15:15:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\.Torrent Stream
[2013/01/19 15:15:25 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Stream
[2013/01/19 15:15:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\TorrentStream
[2013/01/13 22:19:58 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\New folder
[2013/01/13 18:58:05 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Purplizer
[2013/01/09 08:48:50 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 08:48:50 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 08:48:34 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 08:48:28 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 08:48:20 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 08:48:20 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 08:48:20 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 08:48:20 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 08:48:20 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 08:48:20 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 08:48:20 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 08:48:20 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 08:48:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 08:48:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 08:48:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 08:48:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 08:48:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 08:48:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 08:48:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 08:48:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 08:48:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 08:48:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 08:48:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 08:48:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 08:48:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 08:48:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 08:48:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 08:48:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 08:48:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 08:48:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 08:48:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 08:48:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 08:48:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 08:48:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 08:48:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 08:48:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 08:47:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 08:47:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 08:47:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 08:47:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 08:47:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 08:47:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 08:47:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 08:47:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 08:47:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 08:47:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 08:47:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 08:47:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 08:47:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 08:47:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 08:47:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 08:47:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 08:47:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 08:47:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 08:47:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 08:47:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 08:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 08:47:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 08:47:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 08:47:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 08:47:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 08:47:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 08:47:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 08:47:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 08:47:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 08:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 08:47:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 08:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 08:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 08:47:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 08:47:13 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/07 19:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf
[2012/12/31 13:16:53 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\My Curse
[2012/12/31 13:16:43 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/22 19:47:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3881410413-1527467530-2302416625-1000UA.job
[2013/01/22 18:14:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/22 18:14:48 | 2146,275,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/22 17:44:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/20 16:49:18 | 000,231,981 | ---- | M] () -- C:\Users\Ben\Desktop\Rw.ini
[2013/01/19 02:01:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3881410413-1527467530-2302416625-1000Core.job
[2013/01/18 01:12:18 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 01:12:18 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 21:49:51 | 000,002,356 | ---- | M] () -- C:\Users\Ben\Desktop\Google Chrome.lnk
[2013/01/09 23:46:17 | 004,916,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 09:02:34 | 000,777,586 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 09:02:34 | 000,660,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 09:02:34 | 000,124,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 09:02:23 | 000,777,586 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/31 13:16:52 | 000,000,000 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/22 17:35:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/22 17:35:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/22 17:35:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/22 17:35:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/22 17:35:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/31 13:16:52 | 000,000,000 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/10/28 15:58:39 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/20 13:52:14 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2012/09/20 13:52:11 | 000,000,336 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2012/09/20 13:51:59 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2012/09/20 13:51:59 | 000,001,337 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012/08/15 15:56:45 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/07/17 19:15:49 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/17 09:28:05 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/07/05 20:16:09 | 000,000,043 | ---- | C] () -- C:\Users\Ben\jagex_cl_runescape_LIVE1.dat
[2012/07/05 19:24:22 | 000,000,024 | ---- | C] () -- C:\Users\Ben\jagexappletviewer.preferences
[2012/07/03 14:02:00 | 000,000,091 | ---- | C] () -- C:\Users\Ben\AppData\Local\fusioncache.dat
[2012/07/03 14:00:51 | 000,777,586 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 18:09:09 | 000,000,047 | ---- | C] () -- C:\Users\Ben\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/28 18:09:09 | 000,000,024 | ---- | C] () -- C:\Users\Ben\random.dat
[2012/06/24 19:04:34 | 000,000,042 | ---- | C] () -- C:\Users\Ben\jagex_cl_runescape_LIVE.dat
[2012/06/23 00:34:07 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/23 00:34:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/22 13:05:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/06/21 19:33:54 | 000,007,602 | ---- | C] () -- C:\Users\Ben\AppData\Local\resmon.resmoncfg
[2012/06/16 00:17:24 | 000,042,432 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/06 01:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/06 01:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ST310003 33AS SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 105906176
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/07/05 13:18:37 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.techniclauncher
[2013/01/21 19:48:54 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.Torrent Stream
[2012/11/21 09:15:51 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Adobe
[2012/06/23 01:28:26 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Apple Computer
[2012/06/22 13:05:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ATI
[2012/07/01 14:28:13 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Bioshock
[2012/10/25 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\CasinoOnNet
[2012/08/30 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\CorsixTH
[2012/09/22 18:56:51 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\DAEMON Tools Lite
[2012/10/26 22:08:08 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\dvdcss
[2012/12/23 19:29:54 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\fltk.org
[2012/09/25 12:02:07 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Hackety Hack
[2012/07/31 12:04:09 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Ideazon
[2012/06/21 19:10:12 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Identities
[2013/01/18 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ImgBurn
[2012/07/01 13:55:17 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\InstallShield
[2012/07/17 09:34:21 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Leadertech
[2012/06/30 23:26:41 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\LolClient
[2012/06/22 17:26:20 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\LolClient2
[2012/06/22 14:30:11 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Macromedia
[2013/01/19 17:53:30 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Malwarebytes
[2010/11/21 07:16:46 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Media Center Programs
[2012/10/28 15:54:15 | 000,000,000 | --SD | M] -- C:\Users\Ben\AppData\Roaming\Microsoft
[2012/07/03 14:15:25 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Mozilla
[2012/07/17 10:36:11 | 000,000,000 | RH-D | M] -- C:\Users\Ben\AppData\Roaming\SecuROM
[2012/07/04 23:47:32 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Skype
[2012/10/04 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\SPORE
[2012/10/28 13:31:38 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\StreamTorrent
[2012/12/03 13:40:58 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\SystemRequirementsLab
[2013/01/22 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Systweak
[2013/01/19 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\TorrentStream
[2012/08/14 18:43:09 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\TS3Client
[2012/07/22 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ts3overlay
[2012/11/27 20:54:46 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Tunngle
[2013/01/19 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\uTorrent
[2013/01/19 15:21:52 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\vlc
[2012/10/19 16:15:37 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Wanted - Weapons of Fate
[2012/06/22 19:12:14 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\WinRAR
[2012/09/17 23:53:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\X-Chat 2
[2012/12/30 18:45:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\XBMC
[2012/06/26 23:03:33 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Xfire

< MD5 for: ATAPI.SYS >
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 01:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/14 01:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 03:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 03:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/21 03:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
[2010/11/21 03:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/21 03:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/21 03:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
[2010/11/21 03:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/21 03:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/14 01:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/14 01:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/14 01:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/14 01:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2012/01/13 07:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 07:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/21 03:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 16:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/21 03:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 17:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 17:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2012/10/03 17:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/14 01:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/14 01:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/14 01:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/14 01:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/14 01:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/14 01:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/21 03:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 03:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 03:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 03:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/14 01:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/14 01:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/14 01:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/14 01:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/14 01:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 01:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 01:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/14 01:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/24 18:56:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/24 18:56:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/24 18:56:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\BEN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\BEN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\BEN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\BEN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/06/24 18:56:59 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/06/24 18:56:59 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/06/24 18:56:59 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/21 03:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/14 01:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2010/11/21 07:06:24 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/14 01:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 21:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 21:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 21:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 21:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 21:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 21:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 21:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2010/11/21 07:06:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< End of report >


Thanks again for your help, looks like no nuke needed
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
I don't see any more malware but I am concerned about these alarms:


Log: 'Application' Date/Time: 22/01/2013 18:15:21
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/01/2013 18:15:21
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.


Find the Windows Sticker on your PC and write down the license key. Then follow the instructions here:

http://windows.micro...n-this-computer

That should fix it. If not don't go any further. If it accepts your key then we can clean up:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then you should install No-Script (Firefox) or Script-No add-ons (Chrome) and only use Firefox or Chrome to visit the site. You will need to tell No-Script/Script-No that the site is allowed to run Java.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP