
CPU at 100% unless task manager is open


  • This topic is locked
60 replies to this topic

#1 chrisd2020


Posted 16 December 2012 - 06:11 PM

Hi, I have a problem with my laptop, as stated in the title. This problem has been solved for someone else in this thread: http://www.bleepingcomputer.com/forums/topic476969.html, but the solution did not work for me. Any help is much appreciated, thanks.
Chris


#2 gringo_pr


Posted 16 December 2012 - 06:20 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 chrisd2020


Posted 16 December 2012 - 06:23 PM

Thanks for the reply. It might take a minute to boot back into Windows 7 to run the tools and then back into Windows 8 to post the logs here (I have disabled internet in Windows 7 because of the infection).

Chris

#4 chrisd2020


Posted 16 December 2012 - 06:59 PM

I have run unhide and rebooted, but Security Check gives the error:

AutoIt Error

Line -1:

Error: variable must be of type "Object".

Should I run the other tools, or is there a way to fix this?

Chris

#5 chrisd2020


Posted 16 December 2012 - 07:26 PM

Here is the log from checkup.txt, which failed with the error in the last post:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 6
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


And here is the log from OTL.txt, which ran without errors:

OTL logfile created on: 17/12/2012 00:05:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users (Windows 8)\Chris\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.90 Gb Total Physical Memory | 6.38 Gb Available Physical Memory | 80.74% Memory free
8.87 Gb Paging File | 7.32 Gb Available in Paging File | 82.44% Paging File free
Paging file location(s): d:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.38 Gb Total Space | 15.74 Gb Free Space | 26.07% Space Free | Partition Type: NTFS
Drive D: | 552.40 Gb Total Space | 39.46 Gb Free Space | 7.14% Space Free | Partition Type: NTFS
Drive E: | 50.64 Gb Total Space | 16.79 Gb Free Space | 33.16% Space Free | Partition Type: NTFS

Computer Name: CHRIS-LAPTOP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Users (Windows 8)\Chris\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
PRC - D:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\PHotkey\PHotkey.exe ()
PRC - C:\Program Files (x86)\PHotkey\GPMTray.exe ()
PRC - C:\Program Files (x86)\PHotkey\POsd.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\IUSB3MON.EXE (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PHotkey\MsgTranAgt.exe ()
PRC - C:\Program Files (x86)\PHotkey\AsLdrSrv.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (SharedReg) -- C:\Windows\SysNative\SharedReg.dll (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (vmware-view-usbd) -- C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe (VMware, Inc.)
SRV:64bit: - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- D:\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- D:\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.EXE (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe ()
SRV - (PinnacleUpdateSvc) -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ASLDRService) -- C:\Program Files (x86)\PHotkey\AsLdrSrv.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmkbd2) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RTSUSTOR.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys (Trusteer Ltd.)
DRV - (RapportCerberus_44365) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys ()
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4278298912-65852868-2904132004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-4278298912-65852868-2904132004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 C4 61 78 72 CE CD 01 [binary data]
IE - HKU\S-1-5-21-4278298912-65852868-2904132004-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4278298912-65852868-2904132004-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4278298912-65852868-2904132004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Chris\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Chris\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Program Files\CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/08/23 17:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Program Files\Firefox\components [2012/11/29 19:45:23 | 000,000,000 | ---D | M]

[2012/08/23 00:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/12/02 16:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\izxrbdet.default\extensions
[2012/11/10 23:05:09 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\izxrbdet.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/12/02 16:08:03 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\izxrbdet.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U6 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Square Enix Secure Launcher (Enabled) = C:\Users\Chris\AppData\LocalLow\Square Enix\nprun3d.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Chris\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

O1 HOSTS File: ([2012/12/13 18:38:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-4278298912-65852868-2904132004-1000..\Run: [DAEMON Tools Pro Agent] D:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4278298912-65852868-2904132004-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4278298912-65852868-2904132004-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E21459F-D80D-464B-8759-CA429C6726CC}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (wsauth) - C:\Windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/16 23:32:54 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Chris\Desktop\unhide.exe
[2012/12/16 00:52:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\mbar
[2012/12/15 01:34:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2012/12/15 01:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/15 01:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/15 01:33:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/15 01:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/15 01:17:47 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2012/12/15 01:16:30 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/15 01:16:11 | 000,752,213 | ---- | C] (Farbar) -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/12/15 01:16:01 | 000,697,869 | ---- | C] (Farbar) -- C:\Users\Chris\Desktop\FSS.exe
[2012/12/14 10:19:46 | 001,493,872 | ---- | C] (Sysinternals - www.sysinternals.com) -- D:\Users\Chris\Documents\procexp64.exe
[2012/12/14 10:19:15 | 002,712,200 | ---- | C] (Sysinternals - www.sysinternals.com) -- D:\Users\Chris\Documents\procexp.exe
[2012/12/13 18:38:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/13 17:56:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/13 17:56:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/13 17:56:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/13 17:56:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/13 17:56:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/13 17:53:28 | 005,010,970 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/12/13 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine
[2012/12/12 20:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/12/12 20:25:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\realtemp
[2012/12/12 19:55:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 19:55:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 19:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 19:55:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 19:55:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 19:55:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 19:55:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 19:55:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 19:55:14 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 19:55:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 19:55:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 19:55:13 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 19:55:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 19:55:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 19:55:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 18:30:27 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbs_wminet_utils.dat
[2012/12/12 14:15:26 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/12 14:15:26 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/12 14:15:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/12 14:15:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/12 14:15:17 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 14:15:17 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 14:15:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 14:15:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 14:15:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 14:15:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 14:15:16 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 14:15:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 14:15:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 14:15:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 14:15:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 14:15:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 14:15:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 14:15:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 14:15:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 14:15:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 14:15:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 14:15:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 14:15:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 14:15:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 14:15:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 14:15:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 14:15:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 14:15:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 14:15:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 14:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 14:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 14:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 14:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 14:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 14:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 14:15:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 14:14:59 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 14:14:59 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 13:09:40 | 000,000,000 | ---D | C] -- D:\Users\Chris\Documents\Assassin's Creed III
[2012/12/12 11:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/12/12 11:50:58 | 094,447,448 | ---- | C] (Oracle Corporation) -- D:\Users\Chris\Documents\VirtualBox-4.2.4-81684-Win.exe
[2012/12/11 00:02:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Theta
[2012/12/10 17:50:08 | 000,000,000 | R--D | C] -- C:\Kernels
[2012/12/10 17:45:25 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbs_mscorrc.dat
[2012/12/10 17:45:25 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SharedReg.dll
[2012/12/10 17:45:25 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbs_mscorsec.dat
[2012/12/09 09:44:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\ac3 skidrow
[2012/12/09 09:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R.G. Mechanics
[2012/12/04 08:39:51 | 000,000,000 | ---D | C] -- D:\Users\Chris\Documents\Portal Co-op
[2012/12/02 14:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler
[2012/12/02 09:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2012/12/01 11:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2012/11/29 19:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/29 19:49:49 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/11/29 19:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/29 19:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/29 19:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/29 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/26 11:44:56 | 000,000,000 | ---D | C] -- C:\found.000
[2012/11/25 12:18:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\mindterm
[2012/11/24 17:59:48 | 030,489,368 | ---- | C] (Any-DVD-Converter.com ) -- D:\Users\Chris\Documents\any-dvd-converter.exe
[2012/11/24 16:16:36 | 000,000,000 | ---D | C] -- D:\Users\Chris\Documents\HD
[2012/11/22 19:07:28 | 000,000,000 | ---D | C] -- C:\boot-sav
[2012/11/22 17:34:28 | 000,000,000 | ---D | C] -- C:\NST
[2012/11/18 10:36:11 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/11/18 10:36:11 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/11/18 10:36:11 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/11/18 10:36:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/11/18 10:36:10 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/11/18 10:36:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/11/18 10:36:09 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/11/18 10:36:09 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/11/18 10:36:08 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/11/18 10:36:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/11/18 10:36:07 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/11/18 10:36:07 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/11/18 10:36:06 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/11/18 10:36:06 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/11/18 10:36:05 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/11/18 10:36:05 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/11/18 10:36:03 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/11/18 10:36:03 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/11/18 10:36:03 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/11/18 10:36:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/11/18 10:36:02 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/11/18 10:36:02 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/11/18 10:36:02 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/11/18 10:36:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/11/18 10:36:00 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012/11/18 10:36:00 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/11/18 10:36:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/11/18 10:36:00 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012/11/18 10:35:58 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012/11/18 10:35:58 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012/11/18 10:35:56 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012/11/18 10:35:56 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/11/18 10:35:55 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012/11/18 10:35:55 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/11/18 10:35:54 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/11/18 10:35:54 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/11/18 10:35:53 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012/11/18 10:35:53 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/11/18 10:35:52 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012/11/18 10:35:52 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012/11/18 10:35:52 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012/11/18 10:35:52 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012/11/18 10:35:50 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/11/18 10:35:50 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/11/18 10:35:49 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012/11/18 10:35:49 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/11/18 10:35:48 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012/11/18 10:35:48 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012/11/18 10:35:48 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012/11/18 10:35:48 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012/11/18 10:35:47 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012/11/18 10:35:47 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012/11/18 10:35:45 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012/11/18 10:35:45 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/11/18 10:35:45 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012/11/18 10:35:45 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/11/18 10:35:43 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012/11/18 10:35:43 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/11/18 10:35:42 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/11/18 10:35:42 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/11/18 10:35:42 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/11/18 10:35:42 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/11/18 10:35:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/11/18 10:35:41 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/11/18 10:35:40 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/11/18 10:35:40 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/11/18 10:35:39 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/11/18 10:35:39 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/11/18 10:35:39 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/11/18 10:35:39 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/11/18 10:35:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/11/18 10:35:38 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/11/18 10:35:37 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/11/18 10:35:37 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/11/18 10:35:35 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/11/18 10:35:34 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012/11/18 10:35:34 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012/11/18 10:35:34 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012/11/18 10:35:34 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012/11/18 10:35:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012/11/18 10:35:33 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012/11/18 10:35:33 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012/11/18 10:35:33 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012/11/18 10:35:31 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012/11/18 10:35:31 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012/11/18 10:35:31 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012/11/18 10:35:31 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012/11/18 10:35:30 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012/11/18 10:35:30 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012/11/18 10:35:29 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012/11/18 10:35:29 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012/11/18 10:35:28 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012/11/18 10:35:28 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012/11/18 10:35:27 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012/11/18 10:35:27 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012/11/18 10:35:26 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012/11/18 10:35:26 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012/11/18 10:35:26 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012/11/18 10:35:26 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012/11/18 10:35:24 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012/11/18 10:35:24 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012/11/18 10:35:23 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012/11/18 10:35:23 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012/11/18 10:35:21 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012/11/18 10:35:21 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012/11/18 10:35:21 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012/11/18 10:35:21 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012/11/18 10:35:19 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012/11/18 10:35:19 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012/11/18 10:35:18 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012/11/18 10:35:18 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012/11/18 10:35:16 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012/11/18 10:35:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012/11/18 10:35:16 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012/11/18 10:35:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012/11/18 10:35:14 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012/11/18 10:35:14 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012/11/18 10:35:13 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012/11/18 10:35:13 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012/11/18 10:35:13 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012/11/18 10:35:13 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012/11/18 10:35:12 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012/11/18 10:35:12 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012/11/18 10:35:12 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012/11/18 10:35:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012/11/18 10:35:10 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012/11/18 10:35:10 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012/11/18 10:35:09 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012/11/18 10:35:09 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012/11/18 10:35:08 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012/11/18 10:35:08 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012/11/18 10:35:06 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012/11/18 10:35:06 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012/11/18 10:35:06 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012/11/18 10:35:06 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012/11/18 10:35:05 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012/11/18 10:35:05 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012/11/18 10:35:04 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012/11/18 10:35:04 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012/11/18 10:35:02 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012/11/18 10:35:02 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012/11/18 10:35:02 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012/11/18 10:35:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012/11/18 10:35:00 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/11/18 10:35:00 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/11/18 10:34:59 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012/11/18 10:34:59 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012/11/18 10:34:59 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012/11/18 10:34:59 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012/11/18 10:34:57 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/11/18 10:34:57 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012/11/18 10:34:56 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012/11/18 10:34:56 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012/11/18 10:34:55 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012/11/18 10:34:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012/11/18 10:34:54 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012/11/18 10:34:54 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012/11/18 10:34:53 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012/11/18 10:34:53 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012/11/18 10:34:52 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012/11/18 10:34:52 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012/11/18 10:34:43 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012/11/18 10:34:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012/11/18 10:34:41 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012/11/18 10:34:41 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012/11/18 10:34:41 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012/11/18 10:34:41 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012/11/18 10:34:40 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/11/18 10:34:40 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012/11/18 10:34:38 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012/11/18 10:34:38 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012/11/18 10:34:36 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012/11/18 10:34:36 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012/11/18 10:34:35 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012/11/18 10:34:35 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012/11/18 10:34:33 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012/11/18 10:34:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012/11/18 10:34:32 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012/11/18 10:34:32 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012/11/18 10:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F1 Race Stars
[2012/11/18 10:27:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Programs
[2012/11/17 22:46:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\poclbm
[2012/11/17 11:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012/11/17 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/17 00:01:28 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 00:01:28 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 23:58:17 | 000,783,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/16 23:58:17 | 000,669,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/16 23:58:17 | 000,128,066 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/16 23:50:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/16 23:30:28 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Chris\Desktop\unhide.exe
[2012/12/16 23:21:55 | 000,856,731 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2012/12/16 22:40:56 | 000,007,604 | ---- | M] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2012/12/16 10:58:47 | 000,004,184 | ---- | M] () -- C:\bootsqm.dat
[2012/12/16 00:37:56 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2012/12/16 00:33:27 | 013,485,902 | ---- | M] () -- C:\Users\Chris\Desktop\mbar-1.01.0.1011.zip
[2012/12/15 01:33:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/15 01:17:15 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2012/12/15 01:16:44 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/15 01:16:18 | 000,752,213 | ---- | M] (Farbar) -- C:\Users\Chris\Desktop\MiniToolBox.exe
[2012/12/15 01:16:06 | 000,697,869 | ---- | M] (Farbar) -- C:\Users\Chris\Desktop\FSS.exe
[2012/12/14 10:19:46 | 001,493,872 | ---- | M] (Sysinternals - www.sysinternals.com) -- D:\Users\Chris\Documents\procexp64.exe
[2012/12/13 18:38:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/13 17:53:27 | 005,010,970 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
[2012/12/13 17:44:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/13 17:40:14 | 000,545,819 | ---- | M] () -- D:\Users\Chris\Documents\adwcleaner.exe
[2012/12/13 17:27:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/13 17:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/13 17:25:28 | 000,001,249 | ---- | M] () -- C:\Users\Chris\Desktop\taskmgr.exe.lnk
[2012/12/13 17:23:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4278298912-65852868-2904132004-1000UA.job
[2012/12/13 13:09:59 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4278298912-65852868-2904132004-1000UA.job
[2012/12/13 11:23:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4278298912-65852868-2904132004-1000Core.job
[2012/12/12 20:32:15 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/12/12 20:24:52 | 000,330,853 | ---- | M] () -- D:\Users\Chris\Documents\RealTemp_370.zip
[2012/12/12 20:03:20 | 004,903,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/12 19:13:10 | 004,964,440 | ---- | M] ( ) -- D:\Users\Chris\Documents\cpu-z_1.62-setup-en.exe
[2012/12/12 11:52:23 | 000,001,104 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2012/12/12 11:52:23 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012/12/12 11:48:48 | 094,447,448 | ---- | M] (Oracle Corporation) -- D:\Users\Chris\Documents\VirtualBox-4.2.4-81684-Win.exe
[2012/12/12 11:42:00 | 000,071,127 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]pcwiz.s.vmware.leopard.image.torrent
[2012/12/12 09:06:48 | 000,000,913 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/12 00:22:03 | 000,017,632 | -HS- | M] () -- D:\Users\Chris\Documents\Folder.jpg
[2012/12/12 00:22:03 | 000,017,632 | -HS- | M] () -- D:\Users\Chris\Documents\AlbumArt_{3D592BFB-20DE-4FBF-ABE2-C09442094AF6}_Large.jpg
[2012/12/12 00:22:03 | 000,003,171 | -HS- | M] () -- D:\Users\Chris\Documents\AlbumArtSmall.jpg
[2012/12/12 00:22:03 | 000,003,171 | -HS- | M] () -- D:\Users\Chris\Documents\AlbumArt_{3D592BFB-20DE-4FBF-ABE2-C09442094AF6}_Small.jpg
[2012/12/12 00:20:16 | 000,008,916 | -HS- | M] () -- D:\Users\Chris\Documents\AlbumArt_{A695D8BF-B4CB-44F1-89E4-FF026C712A42}_Large.jpg
[2012/12/12 00:20:16 | 000,002,559 | -HS- | M] () -- D:\Users\Chris\Documents\AlbumArt_{A695D8BF-B4CB-44F1-89E4-FF026C712A42}_Small.jpg
[2012/12/10 18:17:50 | 012,083,158 | ---- | M] () -- D:\Users\Chris\Documents\51000011100000.rar
[2012/12/10 17:57:02 | 000,410,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sbs_mscorrc.dat
[2012/12/10 17:57:02 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SharedReg.dll
[2012/12/10 17:57:02 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sbs_wminet_utils.dat
[2012/12/10 17:57:02 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sbs_mscorsec.dat
[2012/12/10 17:45:25 | 000,000,008 | ---- | M] () -- C:\Windows\SysNative\sbs_diasymreader.dat
[2012/12/09 23:23:05 | 000,569,549 | ---- | M] () -- D:\Users\Chris\Documents\ffAnX.jpg
[2012/12/09 23:11:53 | 000,002,785 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]call.of.duty.black.ops.2.crack.skidrow.version.7z.torrent
[2012/12/09 23:09:57 | 000,013,798 | ---- | M] () -- D:\Users\Chris\Documents\[isoHunt] 5164756.torrent
[2012/12/09 23:08:55 | 000,013,438 | ---- | M] () -- D:\Users\Chris\Documents\[isoHunt] 2985009.torrent
[2012/12/09 23:08:07 | 000,018,502 | ---- | M] () -- D:\Users\Chris\Documents\[isoHunt] Call.of.Duty.Black.Ops.II.CRACK.ONLY-SKIDROW.torrent
[2012/12/09 09:10:15 | 000,015,641 | ---- | M] () -- D:\Users\Chris\Documents\Separable-SSS-DX10-v1.0.exe.torrent
[2012/12/08 17:29:49 | 000,040,489 | ---- | M] () -- D:\Users\Chris\Documents\[isoHunt] 2966232.torrent
[2012/12/08 17:29:18 | 000,089,237 | ---- | M] () -- D:\Users\Chris\Documents\[isoHunt] Call Of Duty Black Ops 2 Deluxe Edition-FULL UNLOCKED.torrent
[2012/12/08 17:28:32 | 000,086,768 | ---- | M] () -- D:\Users\Chris\Documents\[isoHunt] Call.Of.Duty.MegaPack-KaOs.torrent
[2012/12/08 17:26:42 | 000,617,199 | ---- | M] () -- D:\Users\Chris\Documents\[isoHunt] E46CDE8F32F147194CA736A3A7597D217D9E4A5A.torrent
[2012/12/08 17:22:13 | 000,617,329 | ---- | M] () -- D:\Users\Chris\Documents\Call.of.Duty.Black.Ops.II-SKIDROW.torrent
[2012/12/08 17:15:23 | 000,016,069 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.iii.3.repack.rip.by.rg.mechanics.updated.23.11.2012 (1).torrent
[2012/12/08 17:13:32 | 000,016,069 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.iii.3.repack.rip.by.rg.mechanics.updated.23.11.2012.torrent
[2012/12/08 17:01:33 | 000,078,860 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.p2p.torrent
[2012/12/06 21:08:07 | 000,000,634 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/12/06 21:08:07 | 000,000,634 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/12/06 21:00:34 | 004,029,720 | ---- | M] () -- D:\Users\Chris\Documents\gtacrk_SMART4U[www.smart4u.org].apk
[2012/12/06 20:49:37 | 004,041,942 | ---- | M] () -- D:\Users\Chris\Documents\GTA-VC-APK-Andropalace.net.apk
[2012/12/05 14:35:53 | 068,022,245 | ---- | M] () -- D:\Users\Chris\Documents\NVIDIA-Linux-x86_64-310.19.run
[2012/12/04 21:55:17 | 000,267,936 | ---- | M] () -- C:\ANG1
[2012/12/02 15:11:11 | 000,834,220 | ---- | M] () -- D:\Users\Chris\Documents\x360ce.App-2.0.2.163.zip
[2012/12/02 14:37:21 | 000,075,728 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]spider.man.2.ps2.pal.multi2.torrent
[2012/12/02 14:17:20 | 000,025,424 | ---- | M] () -- D:\Users\Chris\Documents\Spiderman 2.pin
[2012/12/02 10:44:56 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/02 10:44:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/02 09:17:13 | 000,070,529 | ---- | M] () -- D:\Users\Chris\Documents\reload.ZIP
[2012/12/02 08:59:09 | 011,910,711 | ---- | M] () -- D:\Users\Chris\Documents\AC3-CR-Fully-Working.zip
[2012/12/02 01:09:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4278298912-65852868-2904132004-1000Core.job
[2012/12/01 22:38:13 | 023,164,100 | ---- | M] () -- D:\Users\Chris\Documents\MSIAfterburnerSetup230.zip
[2012/12/01 21:06:59 | 000,015,562 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.update.eng.rus.repack.torrent
[2012/12/01 18:43:38 | 000,015,879 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.full.rip.joekkerr.torrent
[2012/12/01 18:27:25 | 000,001,441 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]assassin.s.creed.3.assassins.creed.iii.crack.without.uplay.works.with.all.versions.phtx.torrent
[2012/12/01 18:04:28 | 000,000,830 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.v1.01.crackonly.theta (1).torrent
[2012/12/01 17:59:58 | 000,040,001 | ---- | M] () -- D:\Users\Chris\Documents\Assassins Creed III-SKIDROW.torrent
[2012/12/01 17:54:16 | 001,919,372 | ---- | M] () -- D:\Users\Chris\Documents\AC3_uplay_crack.7z
[2012/12/01 17:23:35 | 000,020,954 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]assassin.s.creed.3.assassins.creed.iii.skidrow.crack.only.torrent
[2012/12/01 15:03:52 | 000,000,830 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.v1.01.crackonly.theta.torrent
[2012/12/01 14:31:39 | 000,017,502 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]spiderman.2.pc.torrent
[2012/11/29 18:25:47 | 000,258,827 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]star.wars.episode.iii.revenge.of.the.sith.2005.blu.ray.full.avc.dts.hd.6.1.torrent
[2012/11/28 21:01:58 | 042,601,820 | ---- | M] () -- D:\Users\Chris\Documents\Mariah Carey - 02 - All i want for christmas is you.wav
[2012/11/28 21:01:58 | 030,312,453 | ---- | M] () -- D:\Users\Chris\Documents\Mariah Carey - 02 - All i want for christmas is you.flac
[2012/11/26 21:02:45 | 000,032,780 | ---- | M] () -- D:\Users\Chris\Documents\motion.zip
[2012/11/26 12:34:45 | 000,194,937 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]quantum.of.solace.2008.1080p.bluray.x264.framestor.torrent
[2012/11/26 12:33:45 | 000,261,324 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]blu.ray.1080.multi.lang.multi.sub.007.quantum.of.solace.spg.uf.torrent
[2012/11/25 23:56:13 | 000,063,133 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]quantum.of.solace.2008.bluray.1080p.dts.x264.dxva.mkv.torrent
[2012/11/25 13:08:37 | 000,002,533 | ---- | M] () -- D:\Users\Chris\Documents\Card.java
[2012/11/24 21:53:30 | 003,444,736 | ---- | M] () -- D:\Users\Chris\Documents\HackBoot2.iso
[2012/11/24 21:53:27 | 003,444,736 | ---- | M] () -- D:\Users\Chris\Documents\HackBoot1.iso
[2012/11/24 21:17:12 | 035,192,135 | ---- | M] () -- D:\Users\Chris\Documents\pussinboots-tlr1_h1080p.mp4
[2012/11/24 18:00:30 | 030,489,368 | ---- | M] (Any-DVD-Converter.com ) -- D:\Users\Chris\Documents\any-dvd-converter.exe
[2012/11/24 01:10:42 | 259,833,488 | ---- | M] () -- D:\Users\Chris\Documents\ChromeOS-Lime-2237.0.2012_07_08_1610-rccf8f959.zip
[2012/11/24 01:06:17 | 005,658,366 | ---- | M] () -- D:\Users\Chris\Documents\win32diskimager-binary-0.6.zip
[2012/11/24 00:39:31 | 004,049,054 | ---- | M] () -- D:\Users\Chris\Documents\amiflash.zip
[2012/11/24 00:36:57 | 000,131,584 | ---- | M] () -- D:\Users\Chris\Documents\mbid14.exe
[2012/11/23 10:24:08 | 000,014,103 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]labrinth.ft.emeli.sande.beneath.your.beautiful.singles.2012.torrent
[2012/11/23 10:16:31 | 008,429,914 | ---- | M] () -- D:\Users\Chris\Documents\Stooshe - Waterfalls.mp3
[2012/11/23 10:10:46 | 053,194,355 | ---- | M] () -- D:\Users\Chris\Documents\Stooshe__Waterfalls_Remixes_2012_iTunes_Plus_AAC_M4A_EP.rar
[2012/11/23 10:02:13 | 000,013,315 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]robbie.williams.take.the.crown.2012.flac.vtwin88cube.torrent
[2012/11/22 17:46:36 | 000,271,568 | ---- | M] () -- C:\ANG0
[2012/11/22 14:41:35 | 800,063,488 | ---- | M] () -- D:\Users\Chris\Documents\ubuntu-12.10-desktop-amd64.iso
[2012/11/21 00:38:59 | 205,043,036 | ---- | M] () -- D:\Users\Chris\Documents\muse_summer_stadiums_2010_ep.zip
[2012/11/20 00:47:59 | 000,002,212 | ---- | M] () -- D:\Users\Chris\Documents\Default.rdp
[2012/11/18 17:27:13 | 006,700,577 | ---- | M] () -- D:\Users\Chris\Documents\Logo_Quiz_full_v1.5.apk
[2012/11/18 17:07:49 | 031,432,873 | ---- | M] () -- D:\Users\Chris\Documents\com.disney.WMW_v1.0.5.0.bar
[2012/11/18 17:03:23 | 009,188,474 | ---- | M] () -- D:\Users\Chris\Documents\com.gameloft.android.GAND.GloftA7HP_v1.0.100.0.bar
[2012/11/18 17:03:19 | 008,886,954 | ---- | M] () -- D:\Users\Chris\Documents\com.polarbit.RecklessRacing2_v1.0.102.0.bar
[2012/11/18 10:36:14 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/11/18 10:36:14 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/11/18 00:53:21 | 556,614,333 | ---- | M] () -- D:\Users\Chris\Documents\_2010__Immersion__FLAC_.rar
[2012/11/18 00:34:04 | 000,011,110 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]f1.race.stars.flt.2012.pc.eng.multi9.torrent
[2012/11/18 00:30:51 | 000,030,174 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]f1.race.stars.flt (1).torrent
[2012/11/18 00:28:52 | 000,030,174 | ---- | M] () -- D:\Users\Chris\Documents\[kat.ph]f1.race.stars.flt.torrent
[2012/11/17 23:56:03 | 007,156,994 | ---- | M] () -- D:\Users\Chris\Documents\rihanna-rudeboy-cln.mp3.mp3
[2012/11/17 23:51:09 | 011,034,596 | ---- | M] () -- D:\Users\Chris\Documents\01 Umbrella.mp3
[2012/11/17 23:13:20 | 007,804,014 | ---- | M] () -- D:\Users\Chris\Documents\Carly Rae Jepsen - Call Me Maybe (Instrumental Version).mp3
[2012/11/17 17:33:16 | 010,951,238 | ---- | M] () -- D:\Users\Chris\Documents\guiminer.zip
[2012/11/17 17:14:59 | 026,484,045 | ---- | M] () -- D:\Users\Chris\Documents\3DS Emulator 1.1.2.rar
[2012/11/17 17:06:35 | 000,000,470 | ---- | M] () -- D:\Users\Chris\Documents\13091-Save Converter.rar
[2012/11/17 16:43:21 | 001,226,036 | ---- | M] () -- D:\Users\Chris\Documents\31061-Wood_R4_v1.54.7z
[2012/11/17 11:36:54 | 000,004,302 | ---- | M] () -- D:\Users\Chris\Documents\EssexUni-OpenVPN.zip
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/16 10:58:47 | 000,004,184 | ---- | C] () -- C:\bootsqm.dat
[2012/12/16 00:33:19 | 013,485,902 | ---- | C] () -- C:\Users\Chris\Desktop\mbar-1.01.0.1011.zip
[2012/12/15 01:33:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/15 01:15:50 | 000,856,731 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2012/12/14 10:19:15 | 000,072,154 | ---- | C] () -- D:\Users\Chris\Documents\procexp.chm
[2012/12/13 17:56:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/13 17:56:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/13 17:56:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/13 17:56:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/13 17:56:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/13 17:40:04 | 000,545,819 | ---- | C] () -- D:\Users\Chris\Documents\adwcleaner.exe
[2012/12/13 17:24:36 | 000,001,249 | ---- | C] () -- C:\Users\Chris\Desktop\taskmgr.exe.lnk
[2012/12/12 20:24:44 | 000,330,853 | ---- | C] () -- D:\Users\Chris\Documents\RealTemp_370.zip
[2012/12/12 19:12:58 | 004,964,440 | ---- | C] ( ) -- D:\Users\Chris\Documents\cpu-z_1.62-setup-en.exe
[2012/12/12 11:52:23 | 000,001,104 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2012/12/12 11:52:23 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012/12/12 11:41:59 | 000,071,127 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]pcwiz.s.vmware.leopard.image.torrent
[2012/12/12 09:06:48 | 000,000,913 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/12/12 00:22:04 | 000,017,632 | -HS- | C] () -- D:\Users\Chris\Documents\AlbumArt_{3D592BFB-20DE-4FBF-ABE2-C09442094AF6}_Large.jpg
[2012/12/12 00:22:04 | 000,003,171 | -HS- | C] () -- D:\Users\Chris\Documents\AlbumArt_{3D592BFB-20DE-4FBF-ABE2-C09442094AF6}_Small.jpg
[2012/12/12 00:20:16 | 000,008,916 | -HS- | C] () -- D:\Users\Chris\Documents\AlbumArt_{A695D8BF-B4CB-44F1-89E4-FF026C712A42}_Large.jpg
[2012/12/12 00:20:16 | 000,002,559 | -HS- | C] () -- D:\Users\Chris\Documents\AlbumArt_{A695D8BF-B4CB-44F1-89E4-FF026C712A42}_Small.jpg
[2012/12/11 11:57:57 | 000,017,632 | -HS- | C] () -- D:\Users\Chris\Documents\Folder.jpg
[2012/12/11 11:57:57 | 000,003,171 | -HS- | C] () -- D:\Users\Chris\Documents\AlbumArtSmall.jpg
[2012/12/10 18:08:37 | 012,083,158 | ---- | C] () -- D:\Users\Chris\Documents\51000011100000.rar
[2012/12/10 17:45:25 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\sbs_diasymreader.dat
[2012/12/09 23:22:59 | 000,569,549 | ---- | C] () -- D:\Users\Chris\Documents\ffAnX.jpg
[2012/12/09 23:11:53 | 000,002,785 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]call.of.duty.black.ops.2.crack.skidrow.version.7z.torrent
[2012/12/09 23:09:56 | 000,013,798 | ---- | C] () -- D:\Users\Chris\Documents\[isoHunt] 5164756.torrent
[2012/12/09 23:08:55 | 000,013,438 | ---- | C] () -- D:\Users\Chris\Documents\[isoHunt] 2985009.torrent
[2012/12/09 23:08:07 | 000,018,502 | ---- | C] () -- D:\Users\Chris\Documents\[isoHunt] Call.of.Duty.Black.Ops.II.CRACK.ONLY-SKIDROW.torrent
[2012/12/09 09:10:15 | 000,015,641 | ---- | C] () -- D:\Users\Chris\Documents\Separable-SSS-DX10-v1.0.exe.torrent
[2012/12/08 17:29:48 | 000,040,489 | ---- | C] () -- D:\Users\Chris\Documents\[isoHunt] 2966232.torrent
[2012/12/08 17:29:18 | 000,089,237 | ---- | C] () -- D:\Users\Chris\Documents\[isoHunt] Call Of Duty Black Ops 2 Deluxe Edition-FULL UNLOCKED.torrent
[2012/12/08 17:28:31 | 000,086,768 | ---- | C] () -- D:\Users\Chris\Documents\[isoHunt] Call.Of.Duty.MegaPack-KaOs.torrent
[2012/12/08 17:24:47 | 000,617,199 | ---- | C] () -- D:\Users\Chris\Documents\[isoHunt] E46CDE8F32F147194CA736A3A7597D217D9E4A5A.torrent
[2012/12/08 17:22:13 | 000,617,329 | ---- | C] () -- D:\Users\Chris\Documents\Call.of.Duty.Black.Ops.II-SKIDROW.torrent
[2012/12/08 17:15:23 | 000,016,069 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.iii.3.repack.rip.by.rg.mechanics.updated.23.11.2012 (1).torrent
[2012/12/08 17:13:32 | 000,016,069 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.iii.3.repack.rip.by.rg.mechanics.updated.23.11.2012.torrent
[2012/12/08 17:01:32 | 000,078,860 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.p2p.torrent
[2012/12/06 21:08:07 | 000,000,634 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/12/06 21:08:07 | 000,000,634 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/12/06 21:00:29 | 004,029,720 | ---- | C] () -- D:\Users\Chris\Documents\gtacrk_SMART4U[www.smart4u.org].apk
[2012/12/06 20:49:24 | 004,041,942 | ---- | C] () -- D:\Users\Chris\Documents\GTA-VC-APK-Andropalace.net.apk
[2012/12/05 14:34:07 | 068,022,245 | ---- | C] () -- D:\Users\Chris\Documents\NVIDIA-Linux-x86_64-310.19.run
[2012/12/04 21:55:17 | 000,267,936 | ---- | C] () -- C:\ANG1
[2012/12/02 15:11:04 | 000,834,220 | ---- | C] () -- D:\Users\Chris\Documents\x360ce.App-2.0.2.163.zip
[2012/12/02 14:37:21 | 000,075,728 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]spider.man.2.ps2.pal.multi2.torrent
[2012/12/02 14:17:20 | 000,025,424 | ---- | C] () -- D:\Users\Chris\Documents\Spiderman 2.pin
[2012/12/02 09:17:12 | 000,070,529 | ---- | C] () -- D:\Users\Chris\Documents\reload.ZIP
[2012/12/02 08:58:44 | 011,910,711 | ---- | C] () -- D:\Users\Chris\Documents\AC3-CR-Fully-Working.zip
[2012/12/01 22:35:57 | 023,164,100 | ---- | C] () -- D:\Users\Chris\Documents\MSIAfterburnerSetup230.zip
[2012/12/01 21:06:59 | 000,015,562 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.update.eng.rus.repack.torrent
[2012/12/01 18:43:37 | 000,015,879 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.full.rip.joekkerr.torrent
[2012/12/01 18:27:25 | 000,001,441 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]assassin.s.creed.3.assassins.creed.iii.crack.without.uplay.works.with.all.versions.phtx.torrent
[2012/12/01 18:04:28 | 000,000,830 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.v1.01.crackonly.theta (1).torrent
[2012/12/01 17:59:58 | 000,040,001 | ---- | C] () -- D:\Users\Chris\Documents\Assassins Creed III-SKIDROW.torrent
[2012/12/01 17:54:15 | 001,919,372 | ---- | C] () -- D:\Users\Chris\Documents\AC3_uplay_crack.7z
[2012/12/01 17:23:34 | 000,020,954 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]assassin.s.creed.3.assassins.creed.iii.skidrow.crack.only.torrent
[2012/12/01 15:03:52 | 000,000,830 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]assassins.creed.3.v1.01.crackonly.theta.torrent
[2012/12/01 14:31:39 | 000,017,502 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]spiderman.2.pc.torrent
[2012/11/29 18:25:46 | 000,258,827 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]star.wars.episode.iii.revenge.of.the.sith.2005.blu.ray.full.avc.dts.hd.6.1.torrent
[2012/11/28 21:18:22 | 042,601,820 | ---- | C] () -- D:\Users\Chris\Documents\Mariah Carey - 02 - All i want for christmas is you.wav
[2012/11/28 21:13:01 | 030,312,453 | ---- | C] () -- D:\Users\Chris\Documents\Mariah Carey - 02 - All i want for christmas is you.flac
[2012/11/26 21:02:38 | 000,032,780 | ---- | C] () -- D:\Users\Chris\Documents\motion.zip
[2012/11/26 12:34:45 | 000,194,937 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]quantum.of.solace.2008.1080p.bluray.x264.framestor.torrent
[2012/11/26 12:33:44 | 000,261,324 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]blu.ray.1080.multi.lang.multi.sub.007.quantum.of.solace.spg.uf.torrent
[2012/11/25 23:56:07 | 000,063,133 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]quantum.of.solace.2008.bluray.1080p.dts.x264.dxva.mkv.torrent
[2012/11/25 13:08:37 | 000,002,533 | ---- | C] () -- D:\Users\Chris\Documents\Card.java
[2012/11/24 21:53:27 | 003,444,736 | ---- | C] () -- D:\Users\Chris\Documents\HackBoot2.iso
[2012/11/24 21:53:23 | 003,444,736 | ---- | C] () -- D:\Users\Chris\Documents\HackBoot1.iso
[2012/11/24 21:16:21 | 035,192,135 | ---- | C] () -- D:\Users\Chris\Documents\pussinboots-tlr1_h1080p.mp4
[2012/11/24 01:05:54 | 005,658,366 | ---- | C] () -- D:\Users\Chris\Documents\win32diskimager-binary-0.6.zip
[2012/11/24 01:04:45 | 259,833,488 | ---- | C] () -- D:\Users\Chris\Documents\ChromeOS-Lime-2237.0.2012_07_08_1610-rccf8f959.zip
[2012/11/24 00:39:22 | 004,049,054 | ---- | C] () -- D:\Users\Chris\Documents\amiflash.zip
[2012/11/24 00:36:57 | 000,131,584 | ---- | C] () -- D:\Users\Chris\Documents\mbid14.exe
[2012/11/23 10:24:07 | 000,014,103 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]labrinth.ft.emeli.sande.beneath.your.beautiful.singles.2012.torrent
[2012/11/23 10:20:12 | 064,722,144 | ---- | C] () -- D:\Users\Chris\Documents\2-03 Stockholm Syndrome (Live From Stade De France, Paris).mp4
[2012/11/23 10:20:03 | 037,969,769 | ---- | C] () -- D:\Users\Chris\Documents\2-02 Starlight (Live From San Siro, Milan).mp4
[2012/11/23 10:20:00 | 061,917,747 | ---- | C] () -- D:\Users\Chris\Documents\2-01 Uprising (Live From The LCCC, Manchester).mp4
[2012/11/23 10:19:46 | 018,798,280 | ---- | C] () -- D:\Users\Chris\Documents\1-03 Stockholm Syndrome (Live From Stade De France, Paris).mp3
[2012/11/23 10:19:46 | 011,397,364 | ---- | C] () -- D:\Users\Chris\Documents\1-02 Starlight (Live From San Siro, Milan).mp3
[2012/11/23 10:19:45 | 017,290,744 | ---- | C] () -- D:\Users\Chris\Documents\1-01 Uprising (Live From The LCCC, Manchester).mp3
[2012/11/23 10:16:21 | 008,429,914 | ---- | C] () -- D:\Users\Chris\Documents\Stooshe - Waterfalls.mp3
[2012/11/23 10:09:32 | 053,194,355 | ---- | C] () -- D:\Users\Chris\Documents\Stooshe__Waterfalls_Remixes_2012_iTunes_Plus_AAC_M4A_EP.rar
[2012/11/23 10:02:12 | 000,013,315 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]robbie.williams.take.the.crown.2012.flac.vtwin88cube.torrent
[2012/11/22 17:34:29 | 000,271,568 | ---- | C] () -- C:\ANG0
[2012/11/22 14:24:07 | 800,063,488 | ---- | C] () -- D:\Users\Chris\Documents\ubuntu-12.10-desktop-amd64.iso
[2012/11/22 14:03:39 | 556,614,333 | ---- | C] () -- D:\Users\Chris\Documents\_2010__Immersion__FLAC_.rar
[2012/11/22 13:57:43 | 732,213,248 | ---- | C] () -- D:\Users\Chris\Documents\ubuntu-12.04-desktop-amd64.iso
[2012/11/22 13:33:52 | 606,147,593 | ---- | C] () -- D:\Users\Chris\Documents\OS_X_Mountain_Lion_Pre-Installed_VMware_WinPC.part10.rar
[2012/11/22 13:14:44 | 524,382,208 | ---- | C] () -- D:\Users\Chris\Documents\Hiren's.BootCD.15.1.iso
[2012/11/22 13:14:04 | 705,083,180 | ---- | C] () -- D:\Users\Chris\Documents\Grandad Train_1.m2v
[2012/11/22 13:07:32 | 1585,792,287 | ---- | C] () -- D:\Users\Chris\Documents\Connie &Evie.rar
[2012/11/21 18:43:21 | 013,735,768 | ---- | C] () -- D:\Users\Chris\Documents\Download_Links_mahmood1_v9.pdf
[2012/11/21 00:34:15 | 205,043,036 | ---- | C] () -- D:\Users\Chris\Documents\muse_summer_stadiums_2010_ep.zip
[2012/11/18 17:25:03 | 006,700,577 | ---- | C] () -- D:\Users\Chris\Documents\Logo_Quiz_full_v1.5.apk
[2012/11/18 17:01:37 | 008,886,954 | ---- | C] () -- D:\Users\Chris\Documents\com.polarbit.RecklessRacing2_v1.0.102.0.bar
[2012/11/18 17:01:26 | 031,432,873 | ---- | C] () -- D:\Users\Chris\Documents\com.disney.WMW_v1.0.5.0.bar
[2012/11/18 17:01:22 | 009,188,474 | ---- | C] () -- D:\Users\Chris\Documents\com.gameloft.android.GAND.GloftA7HP_v1.0.100.0.bar
[2012/11/18 00:34:04 | 000,011,110 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]f1.race.stars.flt.2012.pc.eng.multi9.torrent
[2012/11/18 00:30:51 | 000,030,174 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]f1.race.stars.flt (1).torrent
[2012/11/18 00:28:52 | 000,030,174 | ---- | C] () -- D:\Users\Chris\Documents\[kat.ph]f1.race.stars.flt.torrent
[2012/11/17 23:55:29 | 007,156,994 | ---- | C] () -- D:\Users\Chris\Documents\rihanna-rudeboy-cln.mp3.mp3
[2012/11/17 23:50:48 | 011,034,596 | ---- | C] () -- D:\Users\Chris\Documents\01 Umbrella.mp3
[2012/11/17 23:13:10 | 007,804,014 | ---- | C] () -- D:\Users\Chris\Documents\Carly Rae Jepsen - Call Me Maybe (Instrumental Version).mp3
[2012/11/17 17:31:22 | 010,951,238 | ---- | C] () -- D:\Users\Chris\Documents\guiminer.zip
[2012/11/17 17:14:11 | 026,484,045 | ---- | C] () -- D:\Users\Chris\Documents\3DS Emulator 1.1.2.rar
[2012/11/17 17:06:35 | 000,000,470 | ---- | C] () -- D:\Users\Chris\Documents\13091-Save Converter.rar
[2012/11/17 16:43:18 | 001,226,036 | ---- | C] () -- D:\Users\Chris\Documents\31061-Wood_R4_v1.54.7z
[2012/11/17 11:36:54 | 000,004,302 | ---- | C] () -- D:\Users\Chris\Documents\EssexUni-OpenVPN.zip
[2012/11/07 21:55:39 | 000,000,138 | ---- | C] () -- C:\Users\Chris\.deployData
[2012/11/01 22:38:53 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2012/10/30 15:18:21 | 000,582,661 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\technic-launcher.jar
[2012/10/15 20:17:37 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/12 21:22:51 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/10/10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/09/28 15:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/10 20:47:21 | 000,007,604 | ---- | C] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2012/08/27 20:19:12 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/08/27 20:19:12 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/08/27 20:19:12 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/08/27 20:19:12 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/08/27 20:19:12 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/08/23 21:26:53 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/08/23 21:26:53 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012/08/23 21:26:53 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012/08/23 16:40:11 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/23 16:40:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/22 07:17:18 | 000,770,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/21 09:41:59 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/08/21 09:41:59 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/02/02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >


Chris

#6 gringo_pr


Posted 16 December 2012 - 08:28 PM

Hello


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 chrisd2020


Posted 16 December 2012 - 08:39 PM

Thanks, I'll reboot into Windows 7 and try those

Chris

#8 chrisd2020


Posted 16 December 2012 - 08:59 PM

Hi, here's the log for Adw Cleaner:

# AdwCleaner v2.101 - Logfile created 12/17/2012 at 01:44:57
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Chris - CHRIS-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\izxrbdet.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3720 octets] - [13/12/2012 17:41:14]
AdwCleaner[S2].txt - [899 octets] - [17/12/2012 01:44:57]

########## EOF - C:\AdwCleaner[S2].txt - [958 octets] ##########


And here's the log for Rogue Killer:

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Remove -- Date : 12/17/2012 01:53:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Chris\NTUSER.DAT
-> E:\Users\chris_000\NTUSER.DAT
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\UpdatusUser\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\UpdatusUser\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST750LX003-1AC154 +++++
--- User ---
[MBR] 9376a1c637cae6b3d5ad0b41393ce8eb
[BSP] 045d63d759801ffa377d9c16e2a78d93 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 565655 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 1158463215 | Size: 61828 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1285087545 | Size: 51850 Mo
3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1391278078 | Size: 36069 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_12172012_02d0153.txt >>
RKreport[1]_S_12132012_02d1751.txt ; RKreport[2]_D_12132012_02d1751.txt ; RKreport[3]_S_12172012_02d0153.txt ; RKreport[4]_D_12172012_02d0153.txt



Thanks,

Chris

#9 gringo_pr


Posted 16 December 2012 - 09:15 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 chrisd2020


Posted 16 December 2012 - 09:45 PM

Hi, the log from combofix is:

ComboFix 12-12-17.01 - Chris 17/12/2012 2:25.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8088.6565 [GMT 0:00]
Running from: c:\users\Chris\Desktop\ComboFix1.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-17 02:32 . 2012-12-17 02:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-17 02:32 . 2012-12-17 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-15 01:34 . 2012-12-15 01:34 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2012-12-15 01:33 . 2012-12-15 01:33 -------- d-----w- c:\programdata\Malwarebytes
2012-12-15 01:33 . 2012-12-15 01:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-15 01:33 . 2012-09-29 19:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 18:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{700B8F78-425C-4FDF-8C33-75CF3E356DDC}\mpengine.dll
2012-12-12 18:30 . 2012-12-10 17:57 270848 ----a-w- c:\windows\SysWow64\sbs_wminet_utils.dat
2012-12-12 14:14 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 14:14 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-12 14:05 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 11:52 . 2012-10-26 19:01 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-12-12 11:52 . 2012-10-26 18:59 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-12-12 11:39 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-11 00:02 . 2012-12-11 00:02 -------- d-----w- c:\users\Chris\AppData\Roaming\Theta
2012-12-10 17:50 . 2012-12-10 17:50 -------- d-----r- C:\Kernels
2012-12-10 17:45 . 2012-12-10 17:57 410112 ----a-w- c:\windows\system32\sbs_mscorrc.dat
2012-12-10 17:45 . 2012-12-10 17:57 309760 ----a-w- c:\windows\system32\SharedReg.dll
2012-12-10 17:45 . 2012-12-10 17:57 270848 ----a-w- c:\windows\system32\sbs_mscorsec.dat
2012-12-09 09:31 . 2012-12-10 23:49 -------- d-----w- c:\program files (x86)\R.G. Mechanics
2012-12-02 14:22 . 2003-09-03 02:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-12-02 09:17 . 2012-12-11 11:28 -------- d-----w- c:\programdata\Orbit
2012-11-29 19:49 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-29 19:49 . 2012-11-29 19:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-29 19:49 . 2012-11-29 19:49 -------- d-----w- c:\program files\iTunes
2012-11-29 19:49 . 2012-11-29 19:49 -------- d-----w- c:\program files\iPod
2012-11-29 19:45 . 2012-11-29 19:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-29 19:45 . 2012-11-29 19:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-29 19:45 . 2012-11-29 19:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-29 19:45 . 2012-11-29 19:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-29 19:45 . 2012-11-29 19:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-29 19:45 . 2012-11-29 19:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-29 19:45 . 2012-11-29 19:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-28 14:16 . 2012-11-28 14:16 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36ADCAE9-5389-4E88-8CF8-7E4EB37DE518}\gapaengine.dll
2012-11-26 11:44 . 2012-11-26 11:44 -------- d-----w- C:\found.000
2012-11-25 12:18 . 2012-11-25 12:19 -------- d-----w- c:\users\Chris\mindterm
2012-11-22 19:07 . 2012-11-22 19:07 -------- d---a-w- C:\boot-sav
2012-11-22 17:34 . 2012-12-04 21:55 -------- d-----w- C:\NST
2012-11-20 08:11 . 2012-11-20 08:11 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2012-11-18 10:35 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-11-18 10:34 . 2007-03-05 12:42 15128 ----a-w- c:\windows\SysWow64\x3daudio1_1.dll
2012-11-18 10:27 . 2012-11-18 10:27 -------- d-----w- c:\users\Chris\AppData\Local\Programs
2012-11-17 22:46 . 2012-11-17 22:46 -------- d-----w- c:\users\Chris\AppData\Roaming\poclbm
2012-11-17 11:36 . 2012-11-17 11:36 -------- d-----w- c:\program files (x86)\OpenVPN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-17 01:43 . 2012-08-23 21:26 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2012-12-12 19:56 . 2012-08-26 11:03 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-02 10:44 . 2012-09-03 11:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-02 10:44 . 2012-09-03 11:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-18 10:36 . 2012-08-21 22:42 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-18 10:36 . 2012-08-21 22:42 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-11-16 12:05 . 2012-09-01 10:21 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-16 12:05 . 2012-09-01 10:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-16 12:05 . 2012-08-21 22:36 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-16 01:08 . 2012-11-16 01:08 71680 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2012-11-06 11:20 . 2012-02-23 02:20 1048376 ----a-w- c:\windows\system32\SynCOM.dll
2012-11-06 11:19 . 2012-08-21 09:56 539960 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-11-06 11:19 . 2012-11-08 20:06 461624 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-11-06 11:19 . 2012-11-08 20:06 229176 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-11-06 11:19 . 2012-11-08 20:06 113976 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-11-06 11:19 . 2012-11-08 20:06 177976 ----a-w- c:\windows\system32\SynTPCo14.dll
2012-11-06 11:19 . 2012-11-08 20:06 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-10-26 19:00 . 2012-10-26 19:00 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 18:59 . 2012-10-26 18:59 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-10-26 18:59 . 2012-10-26 18:59 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-24 10:12 . 2012-08-21 22:36 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-24 10:12 . 2012-08-21 22:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-19 18:34 . 2012-10-19 18:34 413696 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{4229F016-3A60-439E-B626-DE4BD457469F}\ARPPRODUCTICON.exe
2012-10-17 13:26 . 2012-09-10 12:17 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-10-16 08:38 . 2012-11-28 08:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 08:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 08:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 02:22 . 2012-10-10 02:22 80384 ----a-w- c:\windows\system32\igdde64.dll
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-10-10 02:22 . 2012-10-10 02:22 21818368 ----a-w- c:\windows\SysWow64\igdfcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 216064 ----a-w- c:\windows\system32\iglhcp64.dll
2012-10-10 02:22 . 2012-10-10 02:22 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-10-10 02:22 . 2012-10-10 02:22 5903392 ----a-w- c:\windows\system32\GfxUI.exe
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-10-10 02:22 . 2012-10-10 02:22 3776512 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-10-10 02:22 . 2012-10-10 02:22 27438080 ----a-w- c:\windows\system32\igdfcl64.dll
2012-10-10 02:22 . 2012-10-10 02:22 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-10-10 02:22 . 2012-10-10 02:22 501760 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-10-10 02:22 . 2012-10-10 02:22 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-10-10 02:22 . 2012-10-10 02:22 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-10-10 02:22 . 2012-10-10 02:22 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-10-10 02:22 . 2012-10-10 02:22 27664896 ----a-w- c:\windows\system32\igdrcl64.dll
2012-10-10 02:22 . 2012-08-21 09:42 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-10-10 02:22 . 2012-08-21 09:41 12836864 ----a-w- c:\windows\system32\igd10umd64.dll
2012-10-10 02:22 . 2012-10-10 02:22 598780 ----a-w- c:\windows\system32\igvpkrng700.bin
2012-10-10 02:22 . 2012-10-10 02:22 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-10-10 02:22 . 2012-10-10 02:22 12604416 ----a-w- c:\windows\system32\igdumd64.dll
2012-10-10 02:22 . 2012-10-10 02:22 56832 ----a-w- c:\windows\system32\Intel_OpenCL_ICD64.dll
2012-10-10 02:22 . 2012-10-10 02:22 441888 ----a-w- c:\windows\system32\igfxpers.exe
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-10-10 02:22 . 2012-10-10 02:22 3582976 ----a-w- c:\windows\system32\igdbcl64.dll
2012-10-10 02:22 . 2012-10-10 02:22 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-10-10 02:22 . 2012-08-21 09:41 56832 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-10 02:22 . 2012-10-10 02:22 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-10-10 02:22 . 2012-10-10 02:22 448512 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-10 02:22 . 2012-10-10 02:22 441856 ----a-w- c:\windows\system32\igfxdev.dll
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-10-10 02:22 . 2012-10-10 02:22 399392 ----a-w- c:\windows\system32\hkcmd.exe
2012-10-10 02:22 . 2012-10-10 02:22 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-10-10 02:22 . 2012-10-10 02:22 195584 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-10-10 02:22 . 2012-10-10 02:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-10-10 02:22 . 2012-10-10 02:22 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll
2012-10-10 02:22 . 2012-08-21 09:42 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-10-10 02:22 . 2012-08-21 09:42 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-10-10 02:22 . 2012-10-10 02:22 604160 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-10-10 02:22 . 2012-10-10 02:22 4571136 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-10-10 02:22 . 2012-10-10 02:22 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-10-10 02:22 . 2012-10-10 02:22 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-10-10 02:22 . 2012-10-10 02:22 2899968 ----a-w- c:\windows\SysWow64\igdbcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-10 02:22 . 2012-10-10 02:22 185376 ----a-w- c:\windows\system32\difx64.exe
2012-10-10 02:22 . 2012-10-10 02:22 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-10-10 02:22 . 2012-10-10 02:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-10-10 02:22 . 2012-10-10 02:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-10-10 02:22 . 2012-10-10 02:22 171040 ----a-w- c:\windows\system32\igfxtray.exe
2012-10-10 02:22 . 2012-10-10 02:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 56320 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2012-10-10 02:22 . 2012-10-10 02:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-10-10 02:22 . 2012-10-10 02:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-10-10 02:22 . 2012-10-10 02:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-10-10 02:22 . 2012-10-10 02:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-10-10 02:22 . 2012-10-10 02:22 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-10-10 02:22 . 2012-08-21 09:42 56320 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-10 02:22 . 2012-10-10 02:22 8579584 ----a-w- c:\windows\SysWow64\ig7icd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-10-10 02:22 . 2012-10-10 02:22 386048 ----a-w- c:\windows\system32\igfxpph.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="d:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"vmware-tray.exe"="d:\vmware\VMware Workstation\vmware-tray.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
R2 VMwareHostd;VMware Workstation Server;d:\vmware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]
R3 ALSysIO;ALSysIO;c:\users\Chris\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-05-30 149544]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-22 1255736]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-18 394712]
R4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-22 283200]
S1 RapportCerberus_44365;RapportCerberus_44365;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys [2012-11-05 508024]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-11-14 224024]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-11-14 376600]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 237400]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 119640]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-01-19 106144]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2011-10-13 156672]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-11-14 1115992]
S2 SharedReg;Shared Registry;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-05-30 16168]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
S2 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-05-02 2370560]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2012-05-02 472176]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-01-19 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-01-19 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-01-19 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-01-19 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-01-19 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-01-19 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-01-19 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-01-19 550560]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [2012-11-05 175352]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 10:44]
.
2012-12-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4278298912-65852868-2904132004-1000Core.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-22 00:04]
.
2012-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4278298912-65852868-2904132004-1000UA.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-22 00:04]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 18:10]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 18:10]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278298912-65852868-2904132004-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 10:08]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278298912-65852868-2904132004-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 10:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-21 12452456]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-01-19 1016992]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-01-19 800416]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SharedReg
SharedReg
SharedReg
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\izxrbdet.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4278298912-65852868-2904132004-1000\Software\SecuROM\License information*]
"datasecu"=hex:6d,cd,38,7b,0f,c5,ef,80,2d,74,24,50,a9,b9,fe,a8,47,ee,5e,9c,87,
af,88,36,6b,f0,18,10,52,2a,62,f2,ac,76,27,51,67,e5,3e,07,b2,99,65,2b,ca,a0,\
"rkeysecu"=hex:f0,0a,6d,20,a6,a6,a2,a7,d9,f3,46,53,49,80,42,bb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\PHotkey\ASLDRSrv.exe
c:\program files (x86)\PHotkey\PHotkey.exe
c:\program files (x86)\PHotkey\MsgTranAgt.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\mscorsvw.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\PHotkey\POSD.exe
c:\program files (x86)\PHotkey\GPMTray.exe
.
**************************************************************************
.
Completion time: 2012-12-17 02:41:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-17 02:41
ComboFix2.txt 2012-12-13 18:42
ComboFix3.txt 2012-12-13 18:11
.
Pre-Run: 16,880,021,504 bytes free
Post-Run: 16,785,887,232 bytes free
.
- - End Of File - - DB7CABD8D3E691717FE438532B788C0D


Unfortunately, the computer still has the same symptoms.

Chris

#11 chrisd2020


Posted 16 December 2012 - 09:47 PM

I won't reply to your next post until the morning, as I'm going to bed now :)

Thanks for your help so far
Chris

#12 chrisd2020


Posted 19 December 2012 - 09:30 AM

48 hour bump :) The log from ComboFix is in my last post. The problem still occurs. Are there any other tools you would recommend?
Thanks,
Chris

#13 gringo_pr


Posted 20 December 2012 - 12:46 PM

Greetings chrisd2020

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 chrisd2020


Posted 20 December 2012 - 01:38 PM

I have disabled internet in Windows 7, the infected OS, but I cannot enable it again; I cannot start the WLAN AutoConfig service.

Would it work if I downloaded the updates by running the aswMBR exe in Windows 8 and clicked download, but not scan, then ran the same file in Windows 7 and scanned, hopefully with the updated definitions? Or does it only download them to a temporary place? I will boot into Windows 7 now (takes a while as CPU is 100% until I can start Task Manager) and watch the thread on my phone.

Thanks,
Chris

#15 chrisd2020


Posted 20 December 2012 - 02:23 PM

Here's the log from TDSSKiller in three parts; it said the whole post was too long:

PART 1

18:52:02.0411 3456 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:52:02.0411 3456 ============================================================
18:52:02.0411 3456 Current date / time: 2012/12/20 18:52:02.0411
18:52:02.0411 3456 SystemInfo:
18:52:02.0411 3456
18:52:02.0411 3456 OS Version: 6.1.7601 ServicePack: 1.0
18:52:02.0411 3456 Product type: Workstation
18:52:02.0411 3456 ComputerName: CHRIS-LAPTOP
18:52:02.0411 3456 UserName: Chris
18:52:02.0411 3456 Windows directory: C:\Windows
18:52:02.0411 3456 System windows directory: C:\Windows
18:52:02.0411 3456 Running under WOW64
18:52:02.0411 3456 Processor architecture: Intel x64
18:52:02.0411 3456 Number of processors: 8
18:52:02.0411 3456 Page size: 0x1000
18:52:02.0411 3456 Boot type: Normal boot
18:52:02.0411 3456 ============================================================
18:52:02.0458 3456 BG loaded
18:52:03.0113 3456 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:52:03.0113 3456 ============================================================
18:52:03.0113 3456 \Device\Harddisk0\DR0:
18:52:03.0113 3456 MBR partitions:
18:52:03.0113 3456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x450CBEB0
18:52:03.0113 3456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x450CBEEF, BlocksNum 0x78C224A
18:52:03.0113 3456 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4C98E139, BlocksNum 0x6545352
18:52:03.0316 3456 ============================================================
18:52:03.0347 3456 D: <-> \Device\Harddisk0\DR0\Partition1
18:52:03.0425 3456 C: <-> \Device\Harddisk0\DR0\Partition2
18:52:03.0441 3456 E: <-> \Device\Harddisk0\DR0\Partition3
18:52:03.0441 3456 ============================================================
18:52:03.0441 3456 Initialize success
18:52:03.0441 3456 ============================================================
18:54:47.0033 4752 ============================================================
18:54:47.0033 4752 Scan started
18:54:47.0033 4752 Mode: Manual; SigCheck; TDLFS;
18:54:47.0033 4752 ============================================================
18:54:53.0211 4752 ================ Scan system memory ========================
18:54:53.0211 4752 System memory - ok
18:54:53.0211 4752 ================ Scan services =============================
18:54:53.0367 4752 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:54:53.0460 4752 1394ohci - ok
18:54:53.0476 4752 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:54:53.0507 4752 ACPI - ok
18:54:53.0523 4752 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:54:53.0570 4752 AcpiPmi - ok
18:54:53.0648 4752 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:54:53.0663 4752 AdobeARMservice - ok
18:54:53.0772 4752 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:54:53.0788 4752 AdobeFlashPlayerUpdateSvc - ok
18:54:53.0804 4752 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:54:53.0819 4752 adp94xx - ok
18:54:53.0835 4752 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:54:53.0866 4752 adpahci - ok
18:54:53.0882 4752 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:54:53.0897 4752 adpu320 - ok
18:54:53.0944 4752 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:54:54.0038 4752 AeLookupSvc - ok
18:54:54.0084 4752 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:54:54.0116 4752 AFD - ok
18:54:54.0131 4752 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:54:54.0147 4752 agp440 - ok
18:54:54.0178 4752 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:54:54.0209 4752 ALG - ok
18:54:54.0209 4752 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:54:54.0225 4752 aliide - ok
18:54:54.0350 4752 ALSysIO - ok
18:54:54.0350 4752 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:54:54.0365 4752 amdide - ok
18:54:54.0381 4752 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:54:54.0396 4752 AmdK8 - ok
18:54:54.0412 4752 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:54:54.0459 4752 AmdPPM - ok
18:54:54.0474 4752 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:54:54.0490 4752 amdsata - ok
18:54:54.0506 4752 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:54:54.0537 4752 amdsbs - ok
18:54:54.0552 4752 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:54:54.0568 4752 amdxata - ok
18:54:54.0584 4752 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:54:54.0724 4752 AppID - ok
18:54:54.0755 4752 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:54:54.0818 4752 AppIDSvc - ok
18:54:54.0833 4752 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:54:54.0896 4752 Appinfo - ok
18:54:54.0958 4752 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:54:54.0974 4752 Apple Mobile Device - ok
18:54:55.0020 4752 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:54:55.0036 4752 AppMgmt - ok
18:54:55.0052 4752 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:54:55.0067 4752 arc - ok
18:54:55.0067 4752 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:54:55.0083 4752 arcsas - ok
18:54:55.0130 4752 [ EFD89582B55DD32DC79C1A4EB54612A1 ] ASLDRService C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
18:54:55.0161 4752 ASLDRService - ok
18:54:55.0254 4752 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:54:55.0270 4752 aspnet_state - ok
18:54:55.0286 4752 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:54:55.0348 4752 AsyncMac - ok
18:54:55.0364 4752 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:54:55.0379 4752 atapi - ok
18:54:55.0426 4752 [ D0B119D6F52BDCA8D204F79D27690209 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
18:54:55.0442 4752 AthBTPort - ok
18:54:55.0488 4752 [ 86F8A0A8D59D0AE2B1096F3103F0E0AD ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
18:54:55.0504 4752 AtherosSvc - ok
18:54:55.0566 4752 [ 881AF14AD2F1207672873B65ACA6C92F ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:54:55.0629 4752 athr - ok
18:54:55.0676 4752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:54:55.0722 4752 AudioEndpointBuilder - ok
18:54:55.0738 4752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:54:55.0785 4752 AudioSrv - ok
18:54:55.0816 4752 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:54:55.0878 4752 AxInstSV - ok
18:54:55.0925 4752 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:54:55.0956 4752 b06bdrv - ok
18:54:55.0972 4752 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:54:56.0019 4752 b57nd60a - ok
18:54:56.0034 4752 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:54:56.0066 4752 BDESVC - ok
18:54:56.0081 4752 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:54:56.0144 4752 Beep - ok
18:54:56.0175 4752 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:54:56.0222 4752 BFE - ok
18:54:56.0362 4752 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:54:56.0424 4752 BITS - ok
18:54:56.0440 4752 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:54:56.0456 4752 blbdrive - ok
18:54:56.0518 4752 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:54:56.0534 4752 Bonjour Service - ok
18:54:56.0565 4752 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:54:56.0612 4752 bowser - ok
18:54:56.0627 4752 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:54:56.0643 4752 BrFiltLo - ok
18:54:56.0658 4752 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:54:56.0674 4752 BrFiltUp - ok
18:54:56.0690 4752 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
18:54:56.0752 4752 Bridge - ok
18:54:56.0768 4752 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:54:56.0814 4752 BridgeMP - ok
18:54:56.0830 4752 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:54:56.0846 4752 Browser - ok
18:54:56.0861 4752 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:54:56.0892 4752 Brserid - ok
18:54:56.0908 4752 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:54:56.0939 4752 BrSerWdm - ok
18:54:56.0955 4752 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:54:56.0986 4752 BrUsbMdm - ok
18:54:56.0986 4752 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:54:57.0002 4752 BrUsbSer - ok
18:54:57.0048 4752 [ C05ED3246C06EC56F10D85B0304CD09E ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
18:54:57.0064 4752 BTATH_A2DP - ok
18:54:57.0064 4752 [ 2D27F7A831657D63AFC78E5E78DCA83F ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys
18:54:57.0080 4752 btath_avdt - ok
18:54:57.0126 4752 [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
18:54:57.0142 4752 BTATH_BUS - ok
18:54:57.0158 4752 [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
18:54:57.0173 4752 BTATH_HCRP - ok
18:54:57.0189 4752 [ 371A11C1333BA526263A987A93ACDE3D ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
18:54:57.0204 4752 BTATH_LWFLT - ok
18:54:57.0220 4752 [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
18:54:57.0236 4752 BTATH_RCP - ok
18:54:57.0251 4752 [ 4FBDD8AF372ED5CB2EA63C0890C62435 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
18:54:57.0267 4752 BtFilter - ok
18:54:57.0298 4752 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
18:54:57.0345 4752 BthEnum - ok
18:54:57.0360 4752 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:54:57.0376 4752 BTHMODEM - ok
18:54:57.0407 4752 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:54:57.0438 4752 BthPan - ok
18:54:57.0470 4752 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
18:54:57.0501 4752 BTHPORT - ok
18:54:57.0532 4752 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:54:57.0594 4752 bthserv - ok
18:54:57.0610 4752 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
18:54:57.0641 4752 BTHUSB - ok
18:54:57.0657 4752 catchme - ok
18:54:57.0704 4752 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:54:57.0750 4752 cdfs - ok
18:54:57.0782 4752 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:54:57.0813 4752 cdrom - ok
18:54:57.0844 4752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:54:57.0906 4752 CertPropSvc - ok
18:54:57.0922 4752 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:54:57.0938 4752 circlass - ok
18:54:57.0969 4752 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:54:57.0984 4752 CLFS - ok
18:54:58.0031 4752 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:54:58.0047 4752 clr_optimization_v2.0.50727_32 - ok
18:54:58.0078 4752 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:54:58.0094 4752 clr_optimization_v2.0.50727_64 - ok
18:54:58.0156 4752 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:54:58.0172 4752 clr_optimization_v4.0.30319_32 - ok
18:54:58.0187 4752 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:54:58.0203 4752 clr_optimization_v4.0.30319_64 - ok
18:54:58.0218 4752 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:54:58.0234 4752 CmBatt - ok
18:54:58.0250 4752 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:54:58.0265 4752 cmdide - ok
18:54:58.0296 4752 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
18:54:58.0328 4752 CNG - ok
18:54:58.0328 4752 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:54:58.0343 4752 Compbatt - ok
18:54:58.0343 4752 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:54:58.0374 4752 CompositeBus - ok
18:54:58.0390 4752 COMSysApp - ok
18:54:58.0452 4752 [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:54:58.0484 4752 cphs - ok
18:54:58.0499 4752 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:54:58.0515 4752 crcdisk - ok
18:54:58.0546 4752 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:54:58.0577 4752 CryptSvc - ok
18:54:58.0608 4752 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:54:58.0655 4752 CSC - ok
18:54:58.0686 4752 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:54:58.0718 4752 CscService - ok
18:54:58.0764 4752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:54:58.0811 4752 DcomLaunch - ok
18:54:58.0874 4752 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:54:58.0905 4752 defragsvc - ok
18:54:58.0920 4752 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:54:58.0967 4752 DfsC - ok
18:54:58.0983 4752 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:54:59.0030 4752 Dhcp - ok
18:54:59.0030 4752 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:54:59.0076 4752 discache - ok
18:54:59.0076 4752 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:54:59.0092 4752 Disk - ok
18:54:59.0123 4752 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
18:54:59.0139 4752 dmvsc - ok
18:54:59.0154 4752 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:54:59.0170 4752 Dnscache - ok
18:54:59.0186 4752 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:54:59.0232 4752 dot3svc - ok
18:54:59.0248 4752 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:54:59.0295 4752 DPS - ok
18:54:59.0326 4752 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:54:59.0357 4752 drmkaud - ok
18:54:59.0388 4752 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:54:59.0420 4752 dtsoftbus01 - ok
18:54:59.0451 4752 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:54:59.0466 4752 DXGKrnl - ok
18:54:59.0482 4752 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:54:59.0544 4752 EapHost - ok
18:54:59.0607 4752 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:54:59.0700 4752 ebdrv - ok
18:54:59.0716 4752 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:54:59.0747 4752 EFS - ok
18:54:59.0794 4752 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:54:59.0825 4752 ehRecvr - ok
18:54:59.0825 4752 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:54:59.0841 4752 ehSched - ok
18:54:59.0888 4752 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:54:59.0903 4752 elxstor - ok
18:54:59.0934 4752 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys
18:54:59.0950 4752 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
18:54:59.0950 4752 epmntdrv - detected UnsignedFile.Multi.Generic (1)
18:54:59.0966 4752 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:54:59.0981 4752 ErrDev - ok
18:55:00.0012 4752 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
18:55:00.0028 4752 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
18:55:00.0028 4752 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
18:55:00.0044 4752 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:55:00.0090 4752 EventSystem - ok
18:55:00.0106 4752 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:55:00.0153 4752 exfat - ok
18:55:00.0168 4752 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:55:00.0215 4752 fastfat - ok
18:55:00.0246 4752 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:55:00.0278 4752 Fax - ok
18:55:00.0278 4752 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:55:00.0309 4752 fdc - ok
18:55:00.0324 4752 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:55:00.0371 4752 fdPHost - ok
18:55:00.0387 4752 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:55:00.0434 4752 FDResPub - ok
18:55:00.0465 4752 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:55:00.0480 4752 FileInfo - ok
18:55:00.0496 4752 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:55:00.0543 4752 Filetrace - ok
18:55:00.0558 4752 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:55:00.0574 4752 flpydisk - ok
18:55:00.0605 4752 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:55:00.0621 4752 FltMgr - ok
18:55:00.0668 4752 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:55:00.0699 4752 FontCache - ok
18:55:00.0730 4752 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:55:00.0746 4752 FontCache3.0.0.0 - ok
18:55:00.0746 4752 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:55:00.0777 4752 FsDepends - ok
18:55:00.0792 4752 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:55:00.0808 4752 Fs_Rec - ok
18:55:00.0808 4752 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:55:00.0839 4752 fvevol - ok
18:55:00.0855 4752 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:55:00.0870 4752 gagp30kx - ok
18:55:00.0902 4752 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:55:00.0917 4752 GEARAspiWDM - ok
18:55:00.0964 4752 [ 4E1D0A246E10CFDDBF856432418DE404 ] GFNEXSrv C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
18:55:00.0964 4752 GFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
18:55:00.0964 4752 GFNEXSrv - detected UnsignedFile.Multi.Generic (1)
18:55:00.0995 4752 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:55:01.0042 4752 gpsvc - ok
18:55:01.0089 4752 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:55:01.0104 4752 gupdate - ok
18:55:01.0120 4752 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:55:01.0136 4752 gupdatem - ok
18:55:01.0167 4752 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:55:01.0182 4752 hamachi - ok
18:55:01.0229 4752 [ 49FF998B490B4AEF6C71A669FD10F09B ] hcmon C:\Windows\system32\drivers\hcmon.sys
18:55:01.0245 4752 hcmon - ok
18:55:01.0245 4752 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:55:01.0276 4752 hcw85cir - ok
18:55:01.0307 4752 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:55:01.0338 4752 HdAudAddService - ok
18:55:01.0338 4752 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:55:01.0385 4752 HDAudBus - ok
18:55:01.0385 4752 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:55:01.0416 4752 HidBatt - ok
18:55:01.0432 4752 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:55:01.0463 4752 HidBth - ok
18:55:01.0463 4752 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:55:01.0494 4752 HidIr - ok
18:55:01.0510 4752 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:55:01.0557 4752 hidserv - ok
18:55:01.0572 4752 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:55:01.0604 4752 HidUsb - ok
18:55:01.0635 4752 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:55:01.0697 4752 hkmsvc - ok
18:55:01.0713 4752 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:55:01.0728 4752 HomeGroupListener - ok
18:55:01.0760 4752 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:55:01.0775 4752 HomeGroupProvider - ok
18:55:01.0791 4752 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:55:01.0806 4752 HpSAMD - ok
18:55:01.0838 4752 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:55:01.0884 4752 HTTP - ok
18:55:01.0884 4752 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:55:01.0900 4752 hwpolicy - ok
18:55:01.0916 4752 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:55:01.0931 4752 i8042prt - ok
18:55:01.0978 4752 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:55:01.0994 4752 iaStor - ok
18:55:02.0040 4752 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:55:02.0056 4752 IAStorDataMgrSvc - ok
18:55:02.0103 4752 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:55:02.0118 4752 iaStorV - ok
18:55:02.0337 4752 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:55:02.0352 4752 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:55:02.0352 4752 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:55:02.0399 4752 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:55:02.0430 4752 idsvc - ok
18:55:02.0540 4752 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:55:02.0633 4752 igfx - ok
18:55:02.0649 4752 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:55:02.0664 4752 iirsp - ok
18:55:02.0727 4752 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
18:55:02.0742 4752 IJPLMSVC - ok
18:55:02.0774 4752 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:55:02.0836 4752 IKEEXT - ok
18:55:02.0945 4752 [ 059DDDEDBE5701DC3B779D32798108AC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:55:03.0023 4752 IntcAzAudAddService - ok
18:55:03.0070 4752 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:55:03.0101 4752 IntcDAud - ok
18:55:03.0179 4752 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:55:03.0210 4752 Intel® Capability Licensing Service Interface - ok
18:55:03.0226 4752 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:55:03.0242 4752 intelide - ok
18:55:03.0257 4752 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:55:03.0288 4752 intelppm - ok
18:55:03.0320 4752 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:55:03.0382 4752 IPBusEnum - ok
18:55:03.0398 4752 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:55:03.0429 4752 IpFilterDriver - ok
18:55:03.0460 4752 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:55:03.0491 4752 iphlpsvc - ok
18:55:03.0507 4752 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:55:03.0522 4752 IPMIDRV - ok
18:55:03.0538 4752 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:55:03.0585 4752 IPNAT - ok
18:55:03.0647 4752 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:55:03.0678 4752 iPod Service - ok
18:55:03.0678 4752 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:55:03.0694 4752 IRENUM - ok
18:55:03.0710 4752 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:55:03.0725 4752 isapnp - ok
18:55:03.0741 4752 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:55:03.0772 4752 iScsiPrt - ok
18:55:03.0788 4752 [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
18:55:03.0803 4752 iusb3hcs - ok
18:55:03.0819 4752 [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
18:55:03.0850 4752 iusb3hub - ok
18:55:03.0881 4752 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
18:55:03.0897 4752 iusb3xhc - ok
18:55:03.0959 4752 [ DBD76BC1D498FE368F2C8CB76C3E00A4 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
18:55:03.0975 4752 jhi_service - ok
18:55:03.0990 4752 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:55:04.0006 4752 kbdclass - ok
18:55:04.0022 4752 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:55:04.0037 4752 kbdhid - ok
18:55:04.0053 4752 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:55:04.0068 4752 KeyIso - ok
18:55:04.0162 4752 [ 162A5E3A691B903111526147C8D29E6D ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
18:55:04.0193 4752 Kodak AiO Network Discovery Service - ok
18:55:04.0224 4752 [ B5E53FCA219A6491E9A1BA146A5D2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
18:55:04.0256 4752 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - warning
18:55:04.0256 4752 Kodak AiO Status Monitor Service - detected UnsignedFile.Multi.Generic (1)
18:55:04.0287 4752 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:55:04.0302 4752 KSecDD - ok
18:55:04.0318 4752 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:55:04.0349 4752 KSecPkg - ok
18:55:04.0349 4752 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:55:04.0396 4752 ksthunk - ok
18:55:04.0427 4752 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:55:04.0474 4752 KtmRm - ok
18:55:04.0521 4752 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:55:04.0568 4752 LanmanServer - ok
18:55:04.0599 4752 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:55:04.0646 4752 LanmanWorkstation - ok
18:55:04.0677 4752 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:55:04.0739 4752 lltdio - ok
18:55:04.0755 4752 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:55:04.0802 4752 lltdsvc - ok
18:55:04.0817 4752 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:55:04.0848 4752 lmhosts - ok
18:55:04.0880 4752 [ 86E4CC39C953D11EF57CF54C4DC78238 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:55:04.0895 4752 LMS - ok
18:55:04.0926 4752 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:55:04.0942 4752 LSI_FC - ok
18:55:04.0942 4752 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:55:04.0958 4752 LSI_SAS - ok
18:55:04.0973 4752 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:55:04.0989 4752 LSI_SAS2 - ok
18:55:04.0989 4752 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:55:05.0004 4752 LSI_SCSI - ok
18:55:05.0020 4752 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:55:05.0067 4752 luafv - ok
18:55:05.0082 4752 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:55:05.0114 4752 Mcx2Svc - ok
18:55:05.0114 4752 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:55:05.0129 4752 megasas - ok
18:55:05.0129 4752 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:55:05.0160 4752 MegaSR - ok
18:55:05.0176 4752 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:55:05.0192 4752 MEIx64 - ok
18:55:05.0207 4752 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:55:05.0254 4752 MMCSS - ok
18:55:05.0270 4752 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:55:05.0316 4752 Modem - ok
18:55:05.0332 4752 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:55:05.0379 4752 monitor - ok
18:55:05.0379 4752 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:55:05.0394 4752 mouclass - ok
18:55:05.0394 4752 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:55:05.0426 4752 mouhid - ok
18:55:05.0441 4752 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:55:05.0457 4752 mountmgr - ok
18:55:05.0488 4752 [ B4CC7669C2ADF80AB25A37B0837EF476 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:55:05.0504 4752 MozillaMaintenance - ok
18:55:05.0550 4752 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:55:05.0566 4752 MpFilter - ok
18:55:05.0582 4752 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:55:05.0597 4752 mpio - ok
18:55:05.0675 4752 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:55:05.0706 4752 mpsdrv - ok
18:55:05.0738 4752 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:55:05.0784 4752 MpsSvc - ok
18:55:05.0800 4752 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:55:05.0831 4752 MRxDAV - ok
18:55:05.0862 4752 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:05.0894 4752 mrxsmb - ok
18:55:05.0925 4752 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:05.0940 4752 mrxsmb10 - ok
18:55:05.0956 4752 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:05.0972 4752 mrxsmb20 - ok
18:55:05.0972 4752 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:55:05.0987 4752 msahci - ok
18:55:06.0003 4752 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:55:06.0018 4752 msdsm - ok
18:55:06.0034 4752 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:55:06.0050 4752 MSDTC - ok
18:55:06.0065 4752 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:55:06.0112 4752 Msfs - ok
18:55:06.0112 4752 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:55:06.0143 4752 mshidkmdf - ok
18:55:06.0159 4752 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:55:06.0174 4752 msisadrv - ok
18:55:06.0190 4752 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:55:06.0237 4752 MSiSCSI - ok
18:55:06.0237 4752 msiserver - ok
18:55:06.0268 4752 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:55:06.0315 4752 MSKSSRV - ok
18:55:06.0362 4752 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:55:06.0377 4752 MsMpSvc - ok
18:55:06.0393 4752 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:55:06.0455 4752 MSPCLOCK - ok
18:55:06.0455 4752 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:55:06.0518 4752 MSPQM - ok
18:55:06.0518 4752 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:55:06.0549 4752 MsRPC - ok
18:55:06.0549 4752 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:55:06.0564 4752 mssmbios - ok
18:55:06.0564 4752 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:55:06.0627 4752 MSTEE - ok
18:55:06.0642 4752 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:55:06.0658 4752 MTConfig - ok
18:55:06.0658 4752 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:55:06.0674 4752 Mup - ok
18:55:06.0705 4752 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:55:06.0767 4752 napagent - ok
18:55:06.0783 4752 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:55:06.0830 4752 NativeWifiP - ok
18:55:06.0876 4752 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:55:06.0939 4752 NDIS - ok
18:55:06.0954 4752 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:55:06.0986 4752 NdisCap - ok
18:55:07.0001 4752 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:55:07.0048 4752 NdisTapi - ok
18:55:07.0048 4752 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:55:07.0095 4752 Ndisuio - ok
18:55:07.0095 4752 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:55:07.0142 4752 NdisWan - ok
18:55:07.0157 4752 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:55:07.0188 4752 NDProxy - ok
18:55:07.0188 4752 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:55:07.0251 4752 NetBIOS - ok
18:55:07.0251 4752 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:55:07.0298 4752 NetBT - ok
18:55:07.0298 4752 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:55:07.0313 4752 Netlogon - ok
18:55:07.0360 4752 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:55:07.0407 4752 Netman - ok
18:55:07.0454 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:55:07.0469 4752 NetMsmqActivator - ok
18:55:07.0485 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:55:07.0500 4752 NetPipeActivator - ok
18:55:07.0516 4752 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:55:07.0578 4752 netprofm - ok
18:55:07.0578 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:55:07.0594 4752 NetTcpActivator - ok
18:55:07.0594 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:55:07.0610 4752 NetTcpPortSharing - ok
18:55:07.0641 4752 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:55:07.0656 4752 nfrd960 - ok
18:55:07.0703 4752 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:55:07.0719 4752 NisDrv - ok
18:55:07.0750 4752 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
18:55:07.0781 4752 NisSrv - ok
18:55:07.0797 4752 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:55:07.0828 4752 NlaSvc - ok
18:55:07.0828 4752 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:55:07.0875 4752 Npfs - ok
18:55:07.0890 4752 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:55:07.0937 4752 nsi - ok
18:55:07.0953 4752 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:55:07.0984 4752 nsiproxy - ok
18:55:08.0031 4752 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:55:08.0093 4752 Ntfs - ok
18:55:08.0109 4752 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:55:08.0140 4752 Null - ok
18:55:08.0421 4752 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:55:08.0624 4752 nvlddmkm - ok
18:55:08.0655 4752 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
18:55:08.0670 4752 nvpciflt - ok
18:55:08.0702 4752 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:55:08.0717 4752 nvraid - ok
18:55:08.0733 4752 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:55:08.0764 4752 nvstor - ok
18:55:08.0780 4752 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
18:55:08.0811 4752 nvsvc - ok
18:55:08.0858 4752 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:55:08.0920 4752 nvUpdatusService - ok
18:55:08.0936 4752 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:55:08.0951 4752 nv_agp - ok
18:55:08.0967 4752 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:55:08.0982 4752 ohci1394 - ok
18:55:09.0045 4752 [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
18:55:09.0060 4752 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
18:55:09.0060 4752 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
18:55:09.0123 4752 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:55:09.0138 4752 ose64 - ok
18:55:09.0248 4752 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:55:09.0388 4752 osppsvc - ok
18:55:09.0419 4752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:55:09.0450 4752 p2pimsvc - ok
18:55:09.0482 4752 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:55:09.0497 4752 p2psvc - ok
18:55:09.0528 4752 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:55:09.0544 4752 Parport - ok
18:55:09.0575 4752 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:55:09.0591 4752 partmgr - ok
18:55:09.0591 4752 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:55:09.0638 4752 PcaSvc - ok
18:55:09.0653 4752 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:55:09.0669 4752 pci - ok
18:55:09.0669 4752 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:55:09.0684 4752 pciide - ok
18:55:09.0700 4752 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:55:09.0716 4752 pcmcia - ok
18:55:09.0731 4752 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:55:09.0747 4752 pcw - ok
18:55:09.0747 4752 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:55:09.0809 4752 PEAUTH - ok
18:55:09.0856 4752 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:55:09.0918 4752 PeerDistSvc - ok
18:55:09.0934 4752 [ EE926C59CBD4DC4DC9FBB85014A2F1A5 ] PEGAGFN C:\Program Files (x86)\PHotkey\PEGAGFN.sys
18:55:09.0950 4752 PEGAGFN - ok
18:55:09.0996 4752 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:55:10.0028 4752 PerfHost - ok
18:55:10.0106 4752 [ 0015113A604B94769AB5159E8DCFC6E6 ] PinnacleUpdateSvc C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
18:55:10.0184 4752 PinnacleUpdateSvc ( UnsignedFile.Multi.Generic ) - warning
18:55:10.0184 4752 PinnacleUpdateSvc - detected UnsignedFile.Multi.Generic (1)
18:55:10.0308 4752 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:55:10.0371 4752 pla - ok
18:55:10.0402 4752 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:55:10.0449 4752 PlugPlay - ok
18:55:10.0449 4752 PnkBstrA - ok
18:55:10.0464 4752 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:55:10.0496 4752 PNRPAutoReg - ok
18:55:10.0511 4752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:55:10.0527 4752 PNRPsvc - ok
18:55:10.0558 4752 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:55:10.0620 4752 PolicyAgent - ok
18:55:10.0636 4752 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:55:10.0698 4752 Power - ok
18:55:10.0761 4752 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:55:10.0823 4752 PptpMiniport - ok
18:55:10.0839 4752 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:55:10.0870 4752 Processor - ok
18:55:10.0901 4752 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:55:10.0932 4752 ProfSvc - ok
18:55:10.0948 4752 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:55:10.0964 4752 ProtectedStorage - ok
18:55:10.0979 4752 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:55:11.0026 4752 Psched - ok
18:55:11.0042 4752 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:55:11.0057 4752 PxHlpa64 - ok
18:55:11.0104 4752 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:55:11.0166 4752 ql2300 - ok
18:55:11.0166 4752 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:55:11.0182 4752 ql40xx - ok
18:55:11.0198 4752 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:55:11.0229 4752 QWAVE - ok
18:55:11.0244 4752 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:55:11.0260 4752 QWAVEdrv - ok
18:55:11.0369 4752 [ 62BFCA92E1F08AE3D9ABD26A72E55DB4 ] RapportCerberus_44365 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys
18:55:11.0385 4752 RapportCerberus_44365 - ok
18:55:11.0447 4752 [ CEF1691AAAA8B3F291CD241D7B8778C2 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
18:55:11.0463 4752 RapportEI64 - ok
18:55:11.0510 4752 [ EE86BA861726741F03A786EEC847A0F7 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys
18:55:11.0525 4752 RapportIaso - ok
18:55:11.0556 4752 [ 095A3F9074D328B5ABAE2D8BEE39D63F ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
18:55:11.0588 4752 RapportMgmtService - ok
18:55:11.0619 4752 [ 80812ECC5CF0AB1143BD6E59CDB8D8F3 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
18:55:11.0634 4752 RapportPG64 - ok
18:55:11.0650 4752 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:55:11.0697 4752 RasAcd - ok
18:55:11.0744 4752 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:55:11.0775 4752 RasAgileVpn - ok
18:55:11.0790 4752 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:55:11.0837 4752 RasAuto - ok
18:55:11.0853 4752 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:55:11.0900 4752 Rasl2tp - ok
18:55:11.0915 4752 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:55:11.0962 4752 RasMan - ok
18:55:11.0962 4752 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:55:12.0024 4752 RasPppoe - ok
18:55:12.0024 4752 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:55:12.0071 4752 RasSstp - ok
18:55:12.0071 4752 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:55:12.0134 4752 rdbss - ok
18:55:12.0134 4752 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:55:12.0165 4752 rdpbus - ok
18:55:12.0165 4752 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:55:12.0212 4752 RDPCDD - ok
18:55:12.0243 4752 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:55:12.0258 4752 RDPDR - ok
18:55:12.0258 4752 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:55:12.0321 4752 RDPENCDD - ok
18:55:12.0321 4752 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:55:12.0368 4752 RDPREFMP - ok
18:55:12.0414 4752 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:55:12.0446 4752 RdpVideoMiniport - ok
18:55:12.0461 4752 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:55:12.0477 4752 RDPWD - ok
18:55:12.0492 4752 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:55:12.0508 4752 rdyboost - ok
18:55:12.0539 4752 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:55:12.0586 4752 RemoteAccess - ok
18:55:12.0602 4752 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:55:12.0648 4752 RemoteRegistry - ok
18:55:12.0680 4752 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:55:12.0711 4752 RFCOMM - ok
18:55:12.0758 4752 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:55:12.0773 4752 RimUsb - ok
18:55:12.0820 4752 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:55:12.0851 4752 RimVSerPort - ok
18:55:12.0867 4752 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
18:55:12.0914 4752 ROOTMODEM - ok
18:55:12.0929 4752 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:55:12.0976 4752 RpcEptMapper - ok
18:55:12.0992 4752 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:55:13.0023 4752 RpcLocator - ok
18:55:13.0038 4752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
18:55:13.0085 4752 RpcSs - ok
18:55:13.0085 4752 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:55:13.0132 4752 rspndr - ok
18:55:13.0163 4752 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:55:13.0194 4752 RSUSBSTOR - ok
18:55:13.0226 4752 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:55:13.0257 4752 RTL8167 - ok
18:55:13.0272 4752 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:55:13.0304 4752 s3cap - ok
18:55:13.0319 4752 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:55:13.0335 4752 SamSs - ok
18:55:13.0350 4752 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:55:13.0366 4752 sbp2port - ok
18:55:13.0397 4752 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:55:13.0444 4752 SCardSvr - ok
18:55:13.0444 4752 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:55:13.0506 4752 scfilter - ok
18:55:13.0522 4752 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:55:13.0616 4752 Schedule - ok
18:55:13.0647 4752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:55:13.0678 4752 SCPolicySvc - ok
18:55:13.0709 4752 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:55:13.0725 4752 SDRSVC - ok
18:55:13.0740 4752 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:55:13.0787 4752 secdrv - ok
18:55:13.0803 4752 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:55:13.0850 4752 seclogon - ok
18:55:13.0865 4752 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:55:13.0912 4752 SENS - ok
18:55:13.0928 4752 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:55:13.0959 4752 SensrSvc - ok
18:55:13.0990 4752 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:55:14.0006 4752 Serenum - ok
18:55:14.0021 4752 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:55:14.0052 4752 Serial - ok
18:55:14.0068 4752 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:55:14.0099 4752 sermouse - ok
18:55:14.0115 4752 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:55:14.0162 4752 SessionEnv - ok
18:55:14.0177 4752 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:55:14.0208 4752 sffdisk - ok
18:55:14.0208 4752 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:55:14.0240 4752 sffp_mmc - ok
18:55:14.0255 4752 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:55:14.0271 4752 sffp_sd - ok
18:55:14.0286 4752 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:55:14.0302 4752 sfloppy - ok
18:55:14.0364 4752 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:55:14.0411 4752 SharedAccess - ok
18:55:14.0458 4752 [ 28D8BA53682D2A986EC0EC53606CA1D4 ] SharedReg C:\Windows\system32\SharedReg.dll
18:55:14.0489 4752 SharedReg ( UnsignedFile.Multi.Generic ) - warning
18:55:14.0489 4752 SharedReg - detected UnsignedFile.Multi.Generic (1)
18:55:14.0505 4752 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:55:14.0552 4752 ShellHWDetection - ok
18:55:14.0552 4752 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:55:14.0567 4752 SiSRaid2 - ok
18:55:14.0583 4752 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:55:14.0598 4752 SiSRaid4 - ok
18:55:14.0630 4752 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:55:14.0645 4752 SkypeUpdate - ok
18:55:14.0676 4752 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:55:14.0723 4752 Smb - ok
18:55:14.0754 4752 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:55:14.0786 4752 SNMPTRAP - ok
18:55:14.0801 4752 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:55:14.0817 4752 spldr - ok
18:55:14.0848 4752 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:55:14.0864 4752 Spooler - ok
18:55:14.0926 4752 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:55:15.0004 4752 sppsvc - ok
18:55:15.0020 4752 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:55:15.0066 4752 sppuinotify - ok
18:55:15.0098 4752 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
18:55:15.0129 4752 sptd - ok
18:55:15.0160 4752 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:55:15.0207 4752 srv - ok
18:55:15.0207 4752 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:55:15.0238 4752 srv2 - ok
18:55:15.0269 4752 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:55:15.0285 4752 srvnet - ok
18:55:15.0300 4752 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:55:15.0347 4752 SSDPSRV - ok
18:55:15.0363 4752 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:55:15.0410 4752 SstpSvc - ok
18:55:15.0441 4752 Steam Client Service - ok
18:55:15.0550 4752 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:55:15.0566 4752 Stereo Service - ok
18:55:15.0597 4752 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:55:15.0612 4752 stexstor - ok
18:55:15.0644 4752 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:55:15.0675 4752 stisvc - ok
18:55:15.0690 4752 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:55:15.0706 4752 storflt - ok
18:55:15.0737 4752 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
18:55:15.0768 4752 StorSvc - ok
18:55:15.0768 4752 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:55:15.0784 4752 storvsc - ok
18:55:15.0831 4752 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:55:15.0831 4752 swenum - ok
18:55:15.0971 4752 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:55:16.0002 4752 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:55:16.0002 4752 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:55:16.0034 4752 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:55:16.0096 4752 swprv - ok
18:55:16.0127 4752 [ EBDE64F7A7BB5D98294CF1E7562BBDBA ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:55:16.0158 4752 SynTP - ok
18:55:16.0205 4752 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:55:16.0252 4752 SysMain - ok
18:55:16.0283 4752 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:55:16.0314 4752 TabletInputService - ok
18:55:16.0346 4752 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
18:55:16.0392 4752 tap0901 - ok
18:55:16.0408 4752 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:55:16.0470 4752 TapiSrv - ok
18:55:16.0486 4752 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:55:16.0517 4752 TBS - ok
18:55:16.0580 4752 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:55:16.0658 4752 Tcpip - ok
18:55:16.0704 4752 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:55:16.0736 4752 TCPIP6 - ok
18:55:16.0767 4752 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:55:16.0782 4752 tcpipreg - ok
18:55:16.0814 4752 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:55:16.0829 4752 TDPIPE - ok
18:55:16.0860 4752 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:55:16.0876 4752 TDTCP - ok
18:55:16.0892 4752 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:55:16.0938 4752 tdx - ok
18:55:17.0063 4752 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
18:55:17.0157 4752 TeamViewer7 - ok
18:55:17.0172 4752 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:55:17.0188 4752 TermDD - ok
18:55:17.0204 4752 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:55:17.0266 4752 TermService - ok
18:55:17.0282 4752 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:55:17.0297 4752 Themes - ok
18:55:17.0328 4752 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:55:17.0375 4752 THREADORDER - ok
18:55:17.0391 4752 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:55:17.0438 4752 TrkWks - ok
18:55:17.0484 4752 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:55:17.0531 4752 TrustedInstaller - ok
18:55:17.0547 4752 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:55:17.0594 4752 tssecsrv - ok
18:55:17.0609 4752 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:55:17.0640 4752 TsUsbFlt - ok
18:55:17.0656 4752 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:55:17.0672 4752 TsUsbGD - ok
18:55:17.0687 4752 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:55:17.0734 4752 tunnel - ok
18:55:17.0765 4752 [ 42350E49DA754D2D77362FDAE3491651 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
18:55:17.0781 4752 TurboB - ok
18:55:17.0843 4752 [ 4F4B0AB2FB69C414CCBCEF7CF2E1C8D8 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:55:17.0859 4752 TurboBoost - ok
18:55:17.0874 4752 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:55:17.0890 4752 uagp35 - ok
18:55:17.0906 4752 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:55:17.0952 4752 udfs - ok
18:55:17.0968 4752 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:55:17.0984 4752 UI0Detect - ok
18:55:17.0999 4752 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:55:18.0015 4752 uliagpkx - ok
18:55:18.0030 4752 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:55:18.0062 4752 umbus - ok
18:55:18.0077 4752 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:55:18.0108 4752 UmPass - ok
18:55:18.0140 4752 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:55:18.0155 4752 UmRdpService - ok
18:55:18.0218 4752 [ D80B1075B69B57A3AB78F750CE463ECE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:55:18.0249 4752 UNS - ok
18:55:18.0264 4752 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:55:18.0311 4752 upnphost - ok
18:55:18.0358 4752 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:55:18.0374 4752 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:55:18.0374 4752 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:55:18.0405 4752 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:55:18.0436 4752 usbaudio - ok
18:55:18.0452 4752 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:55:18.0467 4752 usbccgp - ok
18:55:18.0498 4752 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:55:18.0514 4752 usbcir - ok
18:55:18.0545 4752 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:55:18.0561 4752 usbehci - ok
18:55:18.0592 4752 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:55:18.0623 4752 usbhub - ok
18:55:18.0639 4752 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:55:18.0670 4752 usbohci - ok
18:55:18.0686 4752 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:55:18.0717 4752 usbprint - ok
18:55:18.0748 4752 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:55:18.0764 4752 usbscan - ok
18:55:18.0779 4752 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:55:18.0810 4752 USBSTOR - ok
18:55:18.0826 4752 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:55:18.0857 4752 usbuhci - ok
18:55:18.0888 4752 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:55:18.0904 4752 usbvideo - ok
18:55:18.0935 4752 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
18:55:18.0951 4752 usb_rndisx - ok
18:55:18.0966 4752 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:55:19.0029 4752 UxSms - ok
18:55:19.0044 4752 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:55:19.0060 4752 VaultSvc - ok
18:55:19.0107 4752 [ 72EC34F9999A5A48CFD43F5E6BD779E4 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:55:19.0138 4752 VBoxDrv - ok
18:55:19.0154 4752 [ A2FE818D7F930C51ADA37C04DBCB015D ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:55:19.0169 4752 VBoxNetAdp - ok
18:55:19.0200 4752 [ CD37A9264C404E48BCE162D37B117B45 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
18:55:19.0216 4752 VBoxNetFlt - ok
18:55:19.0247 4752 [ F649B3D30C6F40B04BDCCD0D11A43481 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:55:19.0263 4752 VBoxUSBMon - ok
18:55:19.0278 4752 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:55:19.0294 4752 vdrvroot - ok
18:55:19.0325 4752 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:55:19.0388 4752 vds - ok
18:55:19.0419 4752 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:55:19.0434 4752 vga - ok
18:55:19.0434 4752 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:55:19.0481 4752 VgaSave - ok
18:55:19.0497 4752 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:55:19.0528 4752 vhdmp - ok
18:55:19.0528 4752 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:55:19.0544 4752 viaide - ok
18:55:19.0606 4752 [ 7171B884DA8BFB1CE5C8BAE46D993CB1 ] VMAuthdService D:\VMware\VMware Workstation\vmware-authd.exe
18:55:19.0637 4752 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
18:55:19.0637 4752 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
18:55:19.0668 4752 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:55:19.0684 4752 vmbus - ok
18:55:19.0700 4752 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:55:19.0731 4752 VMBusHID - ok
18:55:19.0762 4752 [ 6203C901DEFF10631AAD919B3BD1489B ] vmci C:\Windows\system32\DRIVERS\vmci.sys
18:55:19.0778 4752 vmci - ok
18:55:19.0809 4752 [ AF3FAAE90D4BE41ECB510969A05C1842 ] vmkbd2 C:\Windows\system32\drivers\VMkbd.sys
18:55:19.0824 4752 vmkbd2 - ok
18:55:19.0840 4752 [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
18:55:19.0856 4752 VMnetAdapter - ok
18:55:19.0856 4752 [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
18:55:19.0871 4752 VMnetBridge - ok
18:55:19.0902 4752 VMnetDHCP - ok
18:55:19.0918 4752 [ B19B92D57515D3DE3330ADD34AB6AB05 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
18:55:19.0934 4752 VMnetuserif - ok
18:55:19.0965 4752 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
18:55:19.0980 4752 vmusb - ok
18:55:20.0027 4752 [ 105CC87FF31CB3C911ED6C515EC82F75 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
18:55:20.0058 4752 VMUSBArbService - ok
18:55:20.0074 4752 VMware NAT Service - ok
18:55:20.0168 4752 [ F939341BF1846C5FB1B3614D5FEE32B8 ] vmware-view-usbd C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
18:55:20.0214 4752 vmware-view-usbd ( UnsignedFile.Multi.Generic ) - warning
18:55:20.0214 4752 vmware-view-usbd - detected UnsignedFile.Multi.Generic (1)
18:55:20.0433 4752 [ 5C6121C09B35B01705EEF7B948B92338 ] VMwareHostd D:\VMware\VMware Workstation\vmware-hostd.exe
18:55:20.0760 4752 VMwareHostd ( UnsignedFile.Multi.Generic ) - warning
18:55:20.0760 4752 VMwareHostd - detected UnsignedFile.Multi.Generic (1)
18:55:23.0990 4752 ================ Scan global ===============================
18:55:24.0021 4752 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:55:24.0052 4752 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:55:24.0052 4752 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:55:24.0083 4752 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:55:24.0099 4752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:55:24.0099 4752 [Global] - ok
18:55:24.0099 4752 ================ Scan MBR ==================================
18:55:24.0130 4752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:55:24.0520 4752 \Device\Harddisk0\DR0 - ok
18:55:24.0520 4752 ================ Scan VBR ==================================
18:55:24.0520 4752 [ 63E8774F1433D4B821F869B1DA00FD9A ] \Device\Harddisk0\DR0\Partition1
18:55:24.0520 4752 \Device\Harddisk0\DR0\Partition1 - ok
18:55:24.0520 4752 [ 78F44A7063A42A150695EFC206CB0349 ] \Device\Harddisk0\DR0\Partition2
18:55:24.0536 4752 \Device\Harddisk0\DR0\Partition2 - ok
18:55:24.0551 4752 [ EEFDC9A59B97E9EFC95065EC5A347196 ] \Device\Harddisk0\DR0\Partition3
18:55:24.0551 4752 \Device\Harddisk0\DR0\Partition3 - ok
18:55:24.0551 4752 ================ Scan active images ========================
18:55:25.0066 4752 C:\Windows\System32\cdd.dll - ok
18:55:25.0066 4752 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
18:55:25.0066 4752 C:\Windows\System32\RpcRtRemote.dll - ok
18:55:25.0066 4752 [ 1A83FACA2135AF076E8EA73A30B3B26C ] C:\Windows\System32\KBDUK.DLL
18:55:25.0066 4752 C:\Windows\System32\KBDUK.DLL - ok
18:55:25.0082 4752 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
18:55:25.0082 4752 C:\Windows\System32\winlogon.exe - ok
18:55:25.0082 4752 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
18:55:25.0082 4752 C:\Windows\System32\winsta.dll - ok
18:55:25.0082 4752 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
18:55:25.0082 4752 C:\Windows\System32\WlS0WndH.dll - ok
18:55:25.0082 4752 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
18:55:25.0082 4752 C:\Windows\System32\sxs.dll - ok
18:55:25.0082 4752 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
18:55:25.0082 4752 C:\Windows\System32\cryptbase.dll - ok
18:55:25.0097 4752 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
18:55:25.0097 4752 C:\Windows\System32\apphelp.dll - ok
18:55:25.0097 4752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
18:55:25.0097 4752 C:\Windows\System32\services.exe - ok
18:55:25.0097 4752 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
18:55:25.0097 4752 C:\Windows\System32\lsass.exe - ok
18:55:25.0097 4752 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
18:55:25.0097 4752 C:\Windows\System32\lsm.exe - ok
18:55:25.0097 4752 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
18:55:25.0097 4752 C:\Windows\System32\sspicli.dll - ok
18:55:25.0113 4752 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
18:55:25.0113 4752 C:\Windows\System32\sspisrv.dll - ok
18:55:25.0113 4752 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
18:55:25.0113 4752 C:\Windows\System32\scext.dll - ok
18:55:25.0113 4752 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
18:55:25.0113 4752 C:\Windows\System32\sysntfy.dll - ok
18:55:25.0113 4752 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
18:55:25.0113 4752 C:\Windows\System32\secur32.dll - ok
18:55:25.0113 4752 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
18:55:25.0113 4752 C:\Windows\System32\wmsgapi.dll - ok
18:55:25.0128 4752 [ 685527DA09EBFB681E98C515978BDEE2 ] C:\Windows\System32\lsasrv.dll
18:55:25.0128 4752 C:\Windows\System32\lsasrv.dll - ok
18:55:25.0128 4752 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
18:55:25.0128 4752 C:\Windows\System32\scesrv.dll - ok
18:55:25.0128 4752 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
18:55:25.0128 4752 C:\Windows\System32\srvcli.dll - ok
18:55:25.0128 4752 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
18:55:25.0128 4752 C:\Windows\System32\samsrv.dll - ok
18:55:25.0128 4752 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
18:55:25.0128 4752 C:\Windows\System32\cryptdll.dll - ok
18:55:25.0144 4752 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
18:55:25.0144 4752 C:\Windows\System32\wevtapi.dll - ok
18:55:25.0144 4752 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
18:55:25.0144 4752 C:\Windows\System32\cngaudit.dll - ok
18:55:25.0144 4752 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
18:55:25.0144 4752 C:\Windows\System32\authz.dll - ok
18:55:25.0144 4752 [ 9B3718651DDE8A75FC4E8D6542A250D8 ] C:\Windows\System32\ncrypt.dll
18:55:25.0144 4752 C:\Windows\System32\ncrypt.dll - ok
18:55:25.0144 4752 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
18:55:25.0144 4752 C:\Windows\System32\bcrypt.dll - ok
18:55:25.0160 4752 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
18:55:25.0160 4752 C:\Windows\System32\msprivs.dll - ok
18:55:25.0160 4752 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
18:55:25.0160 4752 C:\Windows\System32\netjoin.dll - ok
18:55:25.0160 4752 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
18:55:25.0160 4752 C:\Windows\System32\negoexts.dll - ok
18:55:25.0160 4752 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
18:55:25.0160 4752 C:\Windows\System32\kerberos.dll - ok
18:55:25.0160 4752 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
18:55:25.0160 4752 C:\Windows\System32\cryptsp.dll - ok
18:55:25.0175 4752 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
18:55:25.0175 4752 C:\Windows\System32\msv1_0.dll - ok
18:55:25.0175 4752 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
18:55:25.0175 4752 C:\Windows\System32\netlogon.dll - ok
18:55:25.0175 4752 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
18:55:25.0175 4752 C:\Windows\System32\dnsapi.dll - ok
18:55:25.0175 4752 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
18:55:25.0175 4752 C:\Windows\System32\logoncli.dll - ok
18:55:25.0175 4752 [ B7D42CB36C08FA017E73FF2433CD7287 ] C:\Windows\System32\schannel.dll
18:55:25.0175 4752 C:\Windows\System32\schannel.dll - ok
18:55:25.0191 4752 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
18:55:25.0191 4752 C:\Windows\System32\wdigest.dll - ok
18:55:25.0191 4752 [ E543D373382C3B76D3BC27585DEF3907 ] C:\Windows\System32\atmfd.dll
18:55:25.0191 4752 C:\Windows\System32\atmfd.dll - ok
18:55:25.0191 4752 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
18:55:25.0191 4752 C:\Windows\System32\rsaenh.dll - ok
18:55:25.0191 4752 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
18:55:25.0191 4752 C:\Windows\System32\TSpkg.dll - ok
18:55:25.0191 4752 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
18:55:25.0191 4752 C:\Windows\System32\pku2u.dll - ok
18:55:25.0206 4752 [ 94AA2DFFF94DF789AAA0081333A6CADA ] C:\Windows\System32\LIVESSP.DLL
18:55:25.0206 4752 C:\Windows\System32\LIVESSP.DLL - ok
18:55:25.0206 4752 [ 1C393F125A8700891BD20425E0A25A25 ] C:\Windows\System32\wsauth.dll
18:55:25.0206 4752 C:\Windows\System32\wsauth.dll - ok
18:55:25.0206 4752 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
18:55:25.0206 4752 C:\Windows\System32\version.dll - ok
18:55:25.0206 4752 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
18:55:25.0206 4752 C:\Windows\System32\wtsapi32.dll - ok
18:55:25.0206 4752 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
18:55:25.0206 4752 C:\Windows\System32\cryptui.dll - ok
18:55:25.0222 4752 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
18:55:25.0222 4752 C:\Windows\System32\bcryptprimitives.dll - ok
18:55:25.0222 4752 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
18:55:25.0222 4752 C:\Windows\System32\efslsaext.dll - ok
18:55:25.0222 4752 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
18:55:25.0222 4752 C:\Windows\System32\credssp.dll - ok
18:55:25.0222 4752 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
18:55:25.0222 4752 C:\Windows\System32\ubpm.dll - ok
18:55:25.0222 4752 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
18:55:25.0222 4752 C:\Windows\System32\scecli.dll - ok
18:55:25.0222 4752 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
18:55:25.0222 4752 C:\Windows\System32\svchost.exe - ok
18:55:25.0238 4752 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
18:55:25.0238 4752 C:\Windows\System32\umpnpmgr.dll - ok
18:55:25.0238 4752 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
18:55:25.0238 4752 C:\Windows\System32\SPInf.dll - ok
18:55:25.0238 4752 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
18:55:25.0238 4752 C:\Windows\System32\devrtl.dll - ok
18:55:25.0238 4752 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
18:55:25.0238 4752 C:\Windows\System32\userenv.dll - ok
18:55:25.0238 4752 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
18:55:25.0238 4752 C:\Windows\System32\gpapi.dll - ok
18:55:25.0253 4752 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
18:55:25.0253 4752 C:\Windows\System32\umpo.dll - ok
18:55:25.0253 4752 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
18:55:25.0253 4752 C:\Windows\System32\pcwum.dll - ok
18:55:25.0253 4752 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
18:55:25.0253 4752 C:\Windows\System32\powrprof.dll - ok
18:55:25.0253 4752 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
18:55:25.0253 4752 C:\Windows\System32\drivers\luafv.sys - ok
18:55:25.0253 4752 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] C:\Windows\System32\nvvsvc.exe
18:55:25.0253 4752 C:\Windows\System32\nvvsvc.exe - ok
18:55:25.0269 4752 [ F0359F7CE712D69ACEF0886BDB4792ED ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:55:25.0269 4752 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - ok
18:55:25.0269 4752 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
18:55:25.0269 4752 C:\Windows\SysWOW64\ntdll.dll - ok
18:55:25.0269 4752 [ 15B30F15BD13640B337A0FC37BD48CDE ] C:\Windows\System32\wow64.dll
18:55:25.0269 4752 C:\Windows\System32\wow64.dll - ok
18:55:25.0269 4752 [ 2970785A72054740E1A5DCEB32485486 ] C:\Windows\System32\wow64win.dll
18:55:25.0269 4752 C:\Windows\System32\wow64win.dll - ok
18:55:25.0269 4752 [ 98168B9B0656A01A321FF1BECB2C03E1 ] C:\Windows\System32\wow64cpu.dll
18:55:25.0269 4752 C:\Windows\System32\wow64cpu.dll - ok
18:55:25.0284 4752 [ D4F3176082566CEFA633B4945802D4C4 ] C:\Windows\SysWOW64\kernel32.dll
18:55:25.0284 4752 C:\Windows\SysWOW64\kernel32.dll - ok
18:55:25.0284 4752 [ 0978C2B33BDD0A7E6C563AA337DC8BA0 ] C:\Windows\SysWOW64\KernelBase.dll
18:55:25.0284 4752 C:\Windows\SysWOW64\KernelBase.dll - ok
18:55:25.0284 4752 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
18:55:25.0284 4752 C:\Windows\SysWOW64\version.dll - ok
18:55:25.0284 4752 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
18:55:25.0284 4752 C:\Windows\SysWOW64\msvcrt.dll - ok
18:55:25.0284 4752 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
18:55:25.0284 4752 C:\Windows\SysWOW64\setupapi.dll - ok
18:55:25.0300 4752 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
18:55:25.0300 4752 C:\Windows\SysWOW64\cfgmgr32.dll - ok
18:55:25.0300 4752 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
18:55:25.0300 4752 C:\Windows\SysWOW64\rpcrt4.dll - ok
18:55:25.0300 4752 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
18:55:25.0300 4752 C:\Windows\SysWOW64\cryptbase.dll - ok
18:55:25.0300 4752 [ BFB26890612FB8AE8B0463EBEBE84B7E ] C:\Windows\SysWOW64\sspicli.dll
18:55:25.0300 4752 C:\Windows\SysWOW64\sspicli.dll - ok
18:55:25.0300 4752 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
18:55:25.0300 4752 C:\Windows\SysWOW64\advapi32.dll - ok
18:55:25.0316 4752 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
18:55:25.0316 4752 C:\Windows\SysWOW64\sechost.dll - ok
18:55:25.0316 4752 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
18:55:25.0316 4752 C:\Windows\SysWOW64\gdi32.dll - ok
18:55:25.0316 4752 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
18:55:25.0316 4752 C:\Windows\SysWOW64\user32.dll - ok
18:55:25.0316 4752 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
18:55:25.0316 4752 C:\Windows\SysWOW64\lpk.dll - ok
18:55:25.0316 4752 [ 804AAAFEBB3AD5F49334DD906BCB1DE5 ] C:\Windows\SysWOW64\usp10.dll
18:55:25.0316 4752 C:\Windows\SysWOW64\usp10.dll - ok
18:55:25.0331 4752 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
18:55:25.0331 4752 C:\Windows\SysWOW64\oleaut32.dll - ok
18:55:25.0331 4752 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
18:55:25.0331 4752 C:\Windows\SysWOW64\ole32.dll - ok
18:55:25.0331 4752 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll



