
Possible Rootkit/Persistent threat


  • This topic is locked
13 replies to this topic

#1 ihackedthegibson

Posted 26 May 2013 - 05:53 AM

I noticed some odd traffic that was originating from another Windows 7 box that is on the same LAN as my win7/gentoo dual boot but even though it was using a switch to isolate myself from everyone else that was directly connecting to the router it looks like whoever gained access was able to persist even after a clean install. I'm rarely ever booted into this windows partition unless I'm gaming but I noticed one day that an unusual amount of sddp traffic was originating from my LAN. It looks like they were able to gain access to my system once I booted up into Win 7. So far I was only able to determine that the BOOTP protocol was used and that's all so far without doing any static analysis. Here's my log from TDSSKiller and I'll attach the dds logs as well.


#2 ihackedthegibson

Posted 27 May 2013 - 05:40 PM

Here is the dds log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.9.2
Run by NotNick at 2:46:10 on 2013-05-26
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.1410 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\NotNick\AppData\Local\Temp\ocrFA9.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\NotNick\AppData\Local\Temp\ocr13ED.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Windows\system32\calc.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\HexChat\hexchat.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
C:\Users\NotNick\Desktop\New folder (7)\PUTTY.EXE
C:\Users\NotNick\Desktop\New folder (7)\PUTTY.EXE
C:\Users\NotNick\Desktop\New folder (7)\PAGEANT.EXE
C:\Users\NotNick\Desktop\New folder (7)\PUTTY.EXE
C:\Users\NotNick\Desktop\New folder (7)\PUTTY.EXE
C:\Users\NotNick\Desktop\New folder (7)\PUTTY.EXE
C:\Users\NotNick\Desktop\New folder (7)\PUTTY.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\NotNick\Desktop\New folder (7)\putty.exe
C:\Users\NotNick\Desktop\New folder (7)\putty.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Users\NotNick\Desktop\New folder (7)\putty.exe
C:\Users\NotNick\Desktop\New folder (7)\putty.exe
C:\Users\NotNick\Desktop\New folder (7)\putty.exe
C:\Program Files\pia_manager\openvpn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWow64\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWow64\NOTEPAD.EXE
C:\Windows\system32\mmc.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\SysWow64\NOTEPAD.EXE
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\SysWow64\notepad.exe
C:\Windows\system32\perfmon.exe
C:\Windows\system32\perfmon.exe
C:\Windows\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\perfmon.exe
C:\Users\NotNick\Downloads\Defogger(1).exe
C:\Users\NotNick\Downloads\Defogger(1).exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe
BHO: Ask Toolbar: {4D594333-0076-A76A-76A7-7A786E7484D7} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {4D594333-0076-A76A-76A7-7A786E7484D7} -
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ext2 Volume Manager] C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00109-0002-0009-ABCDEFFEDCBC} - <orphaned>
LSP: %SystemRoot%\system32\mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{51B9460B-E16A-49E5-A94E-2164CB3AC71D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5C7B7D8D-E19E-4E93-98E1-2602D4DD4877} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7008BB09-C8F3-4271-B5A6-824D822D53C6} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{9D646A80-88AB-4038-A90A-FA8A473D6728} : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL:  - clsid is not listed - N/A
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 1111
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-05 14:13; {972ce4c6-7e08-4474-a285-3208198ce6fd}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - ExtSQL: 2013-01-03 02:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-03 02:09; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-01-03 02:09; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-01-04 16:07; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-02-25 21:52; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - ExtSQL: 2013-05-11 02:29; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2010-11-20 334208]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2010-11-20 27008]
R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2012-11-6 458704]
R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2010-11-20 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2010-11-20 223248]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-11-6 95600]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2012-11-6 151920]
R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2010-11-20 94592]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2010-11-20 951680]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-11-6 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2010-11-20 184704]
R0 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-13 12352]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2012-11-6 1913200]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2010-11-20 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2010-11-20 295808]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2009-7-13 654928]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-11-6 498688]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2010-11-20 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]
R1 Ext2Fsd;Linux ext2 file system driver;C:\Windows\System32\drivers\ext2fsd.sys [2012-12-28 769816]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2010-11-20 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]
R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2010-11-20 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2010-11-20 309248]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
R1 SCDEmu;SCDEmu;C:\Windows\System32\drivers\scdemu.sys [2012-11-6 126944]
R1 Serial;Serial port driver;C:\Windows\System32\drivers\serial.sys [2009-7-13 94208]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2010-11-20 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2010-11-20 63360]
R1 truecrypt;truecrypt;C:\Windows\System32\drivers\truecrypt.sys [2012-12-31 231376]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2013-5-10 237840]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2013-5-10 120080]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-20 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-5-11 65640]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-4-26 169096]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]
R2 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-13 651264]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 PnkBstrA;PnkBstrA;C:\Windows\System32\PnkBstrA.exe --> C:\Windows\System32\PnkBstrA.exe [?]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-11-6 31232]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 simptcp;Simple TCP/IP Services;C:\Windows\System32\TCPSVCS.EXE [2009-7-13 10240]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2010-11-20 559104]
R2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2010-11-20 3524608]
R2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-13 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2010-11-20 45056]
R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2009-7-13 593408]
R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-12-19 552960]
R3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]
R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2012-11-6 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2010-11-20 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2010-11-20 982912]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2010-11-20 350208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2010-11-20 122368]
R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2010-11-20 30208]
R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2010-11-20 753664]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]
R3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2010-11-20 33280]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-11-6 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-5-25 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]
R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2012-11-6 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2012-11-6 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2012-11-6 128000]
R3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-13 7168]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-13 6784]
R3 MTsensor;ATK0110 ACPI UTILITY;C:\Windows\System32\drivers\ASACPI.sys [2005-3-29 8192]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2010-11-20 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2010-11-20 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2010-11-20 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2010-11-20 1659776]
R3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-13 97280]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2010-11-20 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2010-11-20 129536]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]
R3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-11-6 210944]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-22 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]
R3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-13 23552]
R3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2012-11-6 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2012-11-6 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2012-11-6 168448]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]
R3 tap0901;TAP-Win32 Adapter V9;C:\Windows\System32\drivers\tap0901.sys [2011-12-15 31232]
R3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-11-5 23552]
R3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2010-11-20 39424]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2010-11-20 125440]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2010-11-20 48640]
R3 usbaudio;USB Audio Driver (WDM);C:\Windows\System32\drivers\USBAUDIO.sys [2010-11-20 109696]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2010-11-20 98816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2010-11-20 52224]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2010-11-20 343040]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2009-7-13 25600]
R3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2010-11-20 184960]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2013-4-12 131856]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2013-4-12 146704]
R3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-13 14336]
R3 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2010-11-20 1525248]
R3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2010-11-20 112128]
S1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2010-11-20 147456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-5 116648]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-2 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-2 682344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2010-11-20 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2010-11-20 12800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-9 256904]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-13 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-13 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-13 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-13 15440]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-11-5 46136]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-13 64512]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2010-11-20 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2010-11-20 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-3-18 44376]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-13 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-13 14720]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-13 72192]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-13 45568]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-13 17488]
S3 Compbatt;Compbatt;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-13 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-11-6 31232]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2010-11-20 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-13 127488]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-12-17 16776]
S3 ERmvrDrv;ESET standalone malware removal tool kernel-mode driver;C:\Windows\System32\drivers\ERKRmvrDrv.sys [2013-5-11 41328]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-13 9728]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-12-17 9096]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-13 195072]
S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2010-11-20 689152]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-13 29696]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-13 34304]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-13 24576]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-11-20 42856]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-13 55376]
S3 FTDIBUS;USB Serial Converter Driver;C:\Windows\System32\drivers\ftdibus.sys [2012-4-13 75016]
S3 FTSER2K;USB Serial Port Driver;C:\Windows\System32\drivers\ftser2k.sys [2012-4-13 85384]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-13 65088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-5 116648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-13 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-13 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-13 46592]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2010-11-20 78720]
S3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]
S3 iaStorV;iaStorV;C:\Windows\System32\drivers\iaStorV.sys [2010-11-20 410496]
S3 IDriverT;InstallDriver Table Manager;C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-4-4 69632]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2010-11-20 856400]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-13 16960]
S3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-13 62464]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2010-11-20 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2010-11-20 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-13 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-13 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-13 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2010-11-20 273792]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 lvrs64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-2 24176]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-13 40448]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-31 117144]
S3 mpio;mpio;C:\Windows\System32\drivers\mpio.sys [2010-11-20 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2010-11-20 140800]
S3 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2010-11-20 31104]
S3 msdsm;msdsm;C:\Windows\System32\drivers\msdsm.sys [2010-11-20 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-13 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2010-11-20 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-13 11136]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2010-11-20 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-13 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-13 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-13 35328]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-11-6 31232]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-13 122960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2010-11-20 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2010-11-20 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-13 72832]
S3 OpenVPNService;OpenVPN Service;C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2011-12-15 14848]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-11-6 19544]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-13 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
S3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-13 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2012-11-6 31232]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-13 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-13 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-13 24064]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-13 27136]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-13 10240]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;C:\Windows\System32\drivers\RTL2832U_IRHID.sys [2009-10-5 44320]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;C:\Windows\System32\drivers\RTL2832UBDA.sys [2010-7-1 224488]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;C:\Windows\System32\drivers\RTL2832UUSB.sys [2010-7-1 39016]
S3 sbp2port;sbp2port;C:\Windows\System32\drivers\sbp2port.sys [2010-11-20 103808]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2010-11-20 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-13 26624]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-13 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2010-11-20 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-13 16896]
S3 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-13 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-13 14336]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\Windows\System32\drivers\sscdbus.sys [2010-11-11 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter;C:\Windows\System32\drivers\sscdmdfl.sys [2010-11-11 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers;C:\Windows\System32\drivers\sscdmdm.sys [2010-11-11 172104]
S3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 Steam Client Service;Steam Client Service;C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-6 543656]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-13 27136]
S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2012-11-6 1913200]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-13 15872]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-13 64080]
S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-13 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-13 9728]
S3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 usb_rndisx;USB RNDIS Adapter;C:\Windows\System32\drivers\usb8023x.sys [2009-7-13 19968]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-13 100352]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-13 25088]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2010-11-20 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2009-7-13 30720]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2012-11-6 31232]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-4-12 106256]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2010-11-20 533504]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-13 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2010-11-20 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-13 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2010-11-20 1600512]
S3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-13 24576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-13 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-20 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-6 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2010-11-20 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]
S3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 WinUsb;Android USB Driver;C:\Windows\System32\drivers\winusb.sys [2010-11-20 41984]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-13 203264]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2010-11-20 172544]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-13 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-13 24144]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S4 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2010-11-20 328192]
S4 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-13 21504]
SUnknown 64r9pn8v;64r9pn8v; [x]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: firefox.exe: open="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: Nereid.exe: open="C:\Program Files (x86)\Banshee\bin\Nereid.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: uTorrent.exe: open="C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1"
ShellExec: vlc.exe: Open="C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
ShellExec: WinRAR.exe: open="C:\Program Files\WinRAR\WinRAR.exe" "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-05-26 05:15:54    --------    d-----w-    C:\Users\NotNick\wireshark
2013-05-26 00:43:38    --------    d-----w-    C:\Program Files\Common Files\logishrd
2013-05-25 22:58:50    --------    d-----w-    C:\ProgramData\AskPartnerNetwork
2013-05-25 22:58:50    --------    d-----w-    C:\Program Files (x86)\AskPartnerNetwork
2013-05-25 22:58:10    --------    d-----w-    C:\ProgramData\APN
2013-05-25 22:57:33    --------    d-----w-    C:\Users\NotNick\AppData\Local\ManyCam
2013-05-25 22:57:33    --------    d-----w-    C:\ProgramData\ManyCam
2013-05-25 22:57:31    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\ManyCam
2013-05-25 22:57:24    44928    ----a-w-    C:\Windows\System32\drivers\mcvidrv_x64.sys
2013-05-25 22:56:03    --------    d-----w-    C:\ProgramData\Temp
2013-05-25 22:56:03    --------    d-----w-    C:\Program Files (x86)\ManyCam
2013-05-25 04:08:54    --------    d-----w-    C:\Program Files (x86)\pidgin-otr
2013-05-25 03:45:25    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\.purple
2013-05-25 03:44:54    --------    d-----w-    C:\Program Files (x86)\Pidgin
2013-05-25 03:08:49    --------    d-----w-    C:\Program Files (x86)\Sapphire TRIXX
2013-05-24 19:48:14    262552    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-24 19:48:11    96664    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-05-24 19:48:11    272280    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-05-24 19:48:11    19449240    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-05-24 19:48:11    19352    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2013-05-24 19:48:11    170232    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-05-24 19:48:10    92056    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2013-05-24 19:48:10    920472    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2013-05-24 19:48:10    91544    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2013-05-24 19:48:10    865968    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-05-24 19:48:10    825752    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2013-05-24 19:48:10    770384    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2013-05-24 19:48:10    74136    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-05-24 19:48:10    642968    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nss3.dll
2013-05-24 19:48:10    59288    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2013-05-24 19:48:10    478104    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2013-05-24 19:48:10    421200    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2013-05-24 19:48:10    375192    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
2013-05-24 19:48:10    3128728    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-05-24 19:48:10    3076504    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2013-05-24 19:48:10    279448    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2013-05-24 19:48:10    26520    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-05-24 19:48:10    21912    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plc4.dll
2013-05-24 19:48:10    2106216    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2013-05-24 19:48:10    20888    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plds4.dll
2013-05-24 19:48:10    193824    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-05-24 19:48:10    19352    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-05-24 19:48:10    17304    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2013-05-24 19:48:10    172440    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
2013-05-24 19:48:10    16280    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2013-05-24 19:48:10    157080    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2013-05-24 19:48:10    152472    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2013-05-24 19:48:10    131480    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2013-05-24 19:48:10    117144    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-05-24 19:48:10    116120    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2013-05-24 19:48:10    104344    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
2013-05-24 19:48:10    --------    d-----w-    C:\Program Files (x86)\Mozilla Firefox
2013-05-24 18:19:07    --------    d-----w-    C:\ProgramData\ATI
2013-05-24 18:13:24    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-05-24 15:05:51    --------    d-----w-    C:\Users\NotNick\AppData\Local\Apple Computer
2013-05-24 15:05:50    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\Titanium
2013-05-24 15:05:50    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\Apple Computer
2013-05-24 15:05:17    --------    d-----w-    C:\Program Files\pia_manager
2013-05-11 09:17:24    --------    d-----w-    C:\Program Files (x86)\Common Files\Skype
2013-05-11 08:43:38    --------    d-----w-    C:\Users\NotNick\kaminanda
2013-05-11 07:23:31    41328    ----a-w-    C:\Windows\System32\drivers\ERKRmvrDrv.sys
2013-05-11 02:34:43    798720    ----a-w-    C:\Windows\yasm.exe
2013-05-11 00:48:41    --------    d-----w-    C:\94217cb088b992c5bdb3be4c96
2013-05-11 00:27:12    --------    d-----w-    C:\Users\NotNick\AppData\Local\nasm
2013-05-11 00:26:13    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\Subversion
2013-05-10 07:20:07    237840    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2013-05-10 07:19:55    120080    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-05-10 07:06:59    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\HexChat
2013-05-10 07:06:27    --------    d-----w-    C:\Program Files\HexChat
2013-05-10 02:54:51    --------    d-----w-    C:\Users\NotNick\Untitledr
2013-05-09 23:24:27    --------    d-----w-    C:\Users\NotNick\AppData\Local\gtk-2.0
2013-05-09 23:20:23    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\banshee-1
2013-05-09 23:18:40    --------    d-----w-    C:\Program Files (x86)\Banshee
2013-04-24 13:13:54    --------    d-sh--w-    C:\found.001
2013-04-12 18:41:28    131856    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-04-12 18:40:18    146704    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-04-12 18:40:18    106256    ----a-w-    C:\Windows\System32\drivers\VBoxUSB.sys
2013-04-12 18:40:16    204048    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
.
==================== Find6M  ====================
.
2013-05-24 18:26:28    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-24 18:26:28    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-26 05:52:36    4126720    ----a-w-    C:\Program Files (x86)\GUT958B.tmp
2013-01-31 09:50:58    28160    ----a-w-    C:\Windows\System32\drivers\mcaudrv_x64.sys
2013-01-21 18:12:12    2177664    ----a-w-    C:\Windows\System32\coin93.dll
2013-01-18 03:01:38    5368852    ----a-w-    C:\flaEC18.tmp
2013-01-10 12:48:29    69953    ----a-w-    C:\Users\NotNick\wallet6654031653010364893.tmp
2012-12-31 15:24:01    231376    ----a-w-    C:\Windows\System32\drivers\truecrypt.sys
2012-12-19 23:45:12    222720    ----a-w-    C:\Windows\System32\clinfo.exe
2012-12-19 23:44:48    76288    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2012-12-19 23:44:42    65536    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2012-12-19 23:44:36    64000    ----a-w-    C:\Windows\System32\OVDecode64.dll
2012-12-19 23:44:32    56320    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2012-12-19 23:44:20    34518016    ----a-w-    C:\Windows\System32\amdocl64.dll
2012-12-19 23:38:48    28732928    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2012-12-19 23:34:40    54784    ----a-w-    C:\Windows\System32\OpenCL.dll
2012-12-19 23:34:38    50176    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2012-12-19 20:50:14    5630200    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2012-12-19 20:48:48    11278336    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2012-12-19 20:29:36    23461376    ----a-w-    C:\Windows\System32\atio6axx.dll
2012-12-19 20:22:50    70144    ----a-w-    C:\Windows\System32\coinst_9.012.dll
2012-12-19 20:19:46    163840    ----a-w-    C:\Windows\System32\atiapfxx.exe
2012-12-19 20:18:04    51200    ----a-w-    C:\Windows\System32\aticalrt64.dll
2012-12-19 20:18:02    46080    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2012-12-19 20:17:54    44544    ----a-w-    C:\Windows\System32\aticalcl64.dll
2012-12-19 20:17:52    44032    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2012-12-19 20:17:40    16082944    ----a-w-    C:\Windows\System32\aticaldd64.dll
2012-12-19 20:13:24    13703168    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2012-12-19 20:12:44    18982400    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2012-12-19 20:09:52    960512    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2012-12-19 20:08:04    1151488    ----a-w-    C:\Windows\System32\aticfx64.dll
2012-12-19 20:06:00    6681088    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2012-12-19 19:59:44    5087744    ----a-w-    C:\Windows\System32\atiumd6a.dll
2012-12-19 19:57:00    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2012-12-19 19:56:46    550912    ----a-w-    C:\Windows\System32\SET314E.tmp
2012-12-19 19:56:46    550912    ----a-w-    C:\Windows\System32\atieclxx.exe
2012-12-19 19:56:00    240640    ----a-w-    C:\Windows\System32\atiesrxx.exe
2012-12-19 19:54:38    120320    ----a-w-    C:\Windows\System32\atitmm64.dll
2012-12-19 19:54:22    21504    ----a-w-    C:\Windows\System32\atimuixx.dll
2012-12-19 19:54:18    59392    ----a-w-    C:\Windows\System32\atiedu64.dll
2012-12-19 19:54:12    43520    ----a-w-    C:\Windows\SysWow64\ati2edxx.dll
2012-12-19 19:49:00    7370752    ----a-w-    C:\Windows\System32\atidxx64.dll
2012-12-19 19:44:28    4162048    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2012-12-19 19:44:12    6786560    ----a-w-    C:\Windows\System32\atiumd64.dll
2012-12-19 19:33:50    56320    ----a-w-    C:\Windows\System32\atimpc64.dll
2012-12-19 19:33:50    56320    ----a-w-    C:\Windows\System32\amdpcom64.dll
2012-12-19 19:33:42    619008    ----a-w-    C:\Windows\System32\SET2140.tmp
2012-12-19 19:33:42    619008    ----a-w-    C:\Windows\System32\atiadlxx.dll
2012-12-19 19:33:40    56832    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2012-12-19 19:33:40    56832    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2012-12-19 19:33:32    421888    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2012-12-19 19:33:18    17920    ----a-w-    C:\Windows\System32\atig6pxx.dll
2012-12-19 19:33:14    14848    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2012-12-19 19:33:14    14848    ----a-w-    C:\Windows\System32\atiglpxx.dll
2012-12-19 19:33:10    41984    ----a-w-    C:\Windows\System32\atig6txx.dll
2012-12-19 19:33:04    33280    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2012-12-19 19:32:54    552960    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2012-12-19 19:31:14    130048    ----a-w-    C:\Windows\System32\atiuxp64.dll
2012-12-19 19:31:08    109568    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2012-12-19 19:31:00    104448    ----a-w-    C:\Windows\System32\atiu9p64.dll
2012-12-19 19:30:52    83968    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2012-12-19 19:30:16    53248    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2012-12-15 00:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-11-28 23:58:30    67413224    ----a-w-    C:\Windows\System32\MRT.exe
2012-11-27 16:52:58    595456    ----a-w-    C:\Windows\SysWow64\tsccvid64.dll
2012-11-27 16:52:58    571392    ----a-w-    C:\Windows\SysWow64\tsccvid.dll
.
============= FINISH:  2:47:05.43 ===============
 



#3 nasdaq

  • Malware Response Team

Posted 28 May 2013 - 08:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please run the DDS tool again and post a fresh log.
p.s.
Do not use these options.
#Option Extended Search is enabled.
#Option Whitelisting is disabled.


Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.


#4 ihackedthegibson

  • Topic Starter


Posted 28 May 2013 - 01:34 PM

Thank you for your help. Here are the 3 logs; I'm fairly certain the issue is still persistent though.

 

RogueKiller log:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : NotNick [Admin rights]
Mode : Remove -- Date : 05/28/2013 10:53:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] rubyw.exe -- C:\Users\NotNick\AppData\Local\Temp\ocrE569.tmp\bin\rubyw.exe [-] -> KILLED [TermProc]
[SUSP PATH] PUTTY.EXE -- C:\Users\NotNick\Desktop\New folder (7)\PUTTY.EXE [-] -> KILLED [TermThr]
[SUSP PATH] PUTTY.EXE -- C:\Users\NotNick\Desktop\New folder (7)\PUTTY.EXE [-] -> KILLED [TermThr]
[SUSP PATH] PUTTY.EXE -- C:\Users\NotNick\Desktop\New folder (7)\PUTTY.EXE [-] -> KILLED [TermThr]

¤¤¤ Registry Entries : 2 ¤¤¤
[IFEO] HKLM\[...]\taskmgr.exe : Debugger ("C:\USERS\NOTNICK\DESKTOP\PROCEXP.EXE") -> DELETED
[RUN][HJNAME] [ON_K:Default]HKCU[...]\RunOnce : mctadmin (C:\Windows\System32\mctadmin.exe) [7] -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> K:\Users\Default\NTUSER.DAT
-> K:\Users\Default User\NTUSER.DAT
-> K:\Documents and Settings\Default\NTUSER.DAT
-> K:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPVT-00HXZT3 ATA Device +++++
--- User ---
[MBR] bdecfe593df5593233cb0f733f423c01
[BSP] 0c67e0b54d6f1edcbe38d9b54b75e2a9 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 250839 Mo
2 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 513927166 | Size: 225998 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05282013_02d1053.txt >>
RKreport[1]_S_05282013_02d1052.txt ; RKreport[2]_D_05282013_02d1053.txts

 

 

adwcleaner log:

 

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 10:55:52
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : NotNick - NOTNICK-PC
# Boot Mode : Normal
# Running from : C:\Users\NotNick\Desktop\adwcleaner(2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\NotNick\AppData\Local\Conduit
Folder Deleted : C:\Users\NotNick\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\NotNick\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1807 octets] - [28/05/2013 10:55:52]

########## EOF - C:\AdwCleaner[S1].txt - [1867 octets] ##########
 

 

 

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by NotNick on Tue 05/28/2013 at 11:06:41.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\NotNick\AppData\Roaming\mozilla\firefox\profiles\5pzsmk0i.default-1356987280212\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi"
Successfully deleted: [Folder] C:\Users\NotNick\AppData\Roaming\mozilla\firefox\profiles\5pzsmk0i.default-1356987280212\jetpack
Emptied folder: C:\Users\NotNick\AppData\Roaming\mozilla\firefox\profiles\5pzsmk0i.default-1356987280212\minidumps [30 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/28/2013 at 11:14:22.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

See next post for more info



TDSSKiller still comes up with 6 threats found and here is the log:

11:18:57.0832 2940  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:18:57.0941 2940  ============================================================
11:18:57.0941 2940  Current date / time: 2013/05/28 11:18:57.0941
11:18:57.0941 2940  SystemInfo:
11:18:57.0941 2940  
11:18:57.0941 2940  OS Version: 6.1.7601 ServicePack: 1.0
11:18:57.0941 2940  Product type: Workstation
11:18:57.0941 2940  ComputerName: NOTNICK-PC
11:18:57.0941 2940  UserName: NotNick
11:18:57.0941 2940  Windows directory: C:\Windows
11:18:57.0941 2940  System windows directory: C:\Windows
11:18:57.0941 2940  Running under WOW64
11:18:57.0941 2940  Processor architecture: Intel x64
11:18:57.0941 2940  Number of processors: 4
11:18:57.0941 2940  Page size: 0x1000
11:18:57.0941 2940  Boot type: Normal boot
11:18:57.0941 2940  ============================================================
11:19:30.0829 2940  BG loaded
11:19:40.0455 2940  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:19:40.0595 2940  ============================================================
11:19:40.0595 2940  \Device\Harddisk0\DR0:
11:19:40.0689 2940  MBR partitions:
11:19:40.0689 2940  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:19:40.0689 2940  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E9EB800
11:19:41.0328 2940  ============================================================
11:19:42.0093 2940  C: <-> \Device\Harddisk0\DR0\Partition2
11:19:42.0093 2940  ============================================================
11:19:42.0093 2940  Initialize success
11:19:42.0093 2940  ============================================================
11:20:51.0585 3264  ============================================================
11:20:51.0585 3264  Scan started
11:20:51.0585 3264  Mode: Manual; SigCheck; TDLFS;
11:20:51.0585 3264  ============================================================
11:20:52.0014 3264  ================ Scan system memory ========================
11:20:52.0014 3264  System memory - ok
11:20:52.0015 3264  ================ Scan services =============================
11:21:02.0186 3264  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:21:02.0292 3264  DfsC - ok
11:21:02.0333 3264  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:21:02.0451 3264  Dhcp - ok
11:21:02.0712 3264  [ 5BA2436D527CAA53C8B52FC85159FEBF ] DirMngr         C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
11:21:02.0749 3264  DirMngr ( UnsignedFile.Multi.Generic ) - warning
11:21:02.0749 3264  DirMngr - detected UnsignedFile.Multi.Generic (1)
11:21:02.0780 3264  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:21:02.0878 3264  discache - ok
11:21:02.0908 3264  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:21:02.0937 3264  Disk - ok
11:21:02.0984 3264  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:21:03.0046 3264  Dnscache - ok
11:21:03.0093 3264  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:21:03.0205 3264  dot3svc - ok
11:21:03.0218 3264  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:21:03.0325 3264  DPS - ok
11:21:03.0353 3264  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:21:03.0393 3264  drmkaud - ok
11:21:03.0442 3264  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:21:03.0505 3264  DXGKrnl - ok
11:21:03.0539 3264  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:21:03.0643 3264  EapHost - ok
11:21:03.0740 3264  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:21:03.0909 3264  ebdrv - ok
11:21:03.0949 3264  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:21:04.0015 3264  EFS - ok
11:21:04.0127 3264  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:21:04.0225 3264  ehRecvr - ok
11:21:04.0240 3264  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:21:04.0271 3264  ehSched - ok
11:21:04.0323 3264  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:21:04.0374 3264  elxstor - ok
11:21:04.0424 3264  [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv        C:\Windows\system32\epmntdrv.sys
11:21:04.0451 3264  epmntdrv ( UnsignedFile.Multi.Generic ) - warning
11:21:04.0451 3264  epmntdrv - detected UnsignedFile.Multi.Generic (1)
11:21:04.0503 3264  [ 4E79C67D9E92EAE8566B8676A75FCC4C ] ERmvrDrv        C:\Windows\system32\drivers\ERKRmvrDrv.sys
11:21:04.0534 3264  ERmvrDrv - ok
11:21:04.0555 3264  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:21:04.0595 3264  ErrDev - ok
11:21:04.0669 3264  [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
11:21:04.0698 3264  EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
11:21:04.0698 3264  EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
11:21:04.0744 3264  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:21:04.0849 3264  EventSystem - ok
11:21:04.0881 3264  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:21:04.0974 3264  exfat - ok
11:21:05.0058 3264  [ 86B0FBC17425B0A00D431B3C8F4D2F9D ] Ext2Fsd         C:\Windows\system32\drivers\Ext2Fsd.sys
11:21:05.0111 3264  Ext2Fsd - ok
11:21:05.0146 3264  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:21:05.0254 3264  fastfat - ok
11:21:05.0308 3264  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:21:05.0387 3264  Fax - ok
11:21:05.0425 3264  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:21:05.0464 3264  fdc - ok
11:21:05.0483 3264  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:21:05.0571 3264  fdPHost - ok
11:21:05.0585 3264  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:21:05.0681 3264  FDResPub - ok
11:21:05.0697 3264  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:21:05.0726 3264  FileInfo - ok
11:21:05.0740 3264  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:21:05.0838 3264  Filetrace - ok
11:21:05.0869 3264  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:21:05.0896 3264  flpydisk - ok
11:21:05.0921 3264  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:21:05.0957 3264  FltMgr - ok
11:21:06.0009 3264  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache       C:\Windows\system32\FntCache.dll
11:21:06.0154 3264  FontCache - ok
11:21:06.0212 3264  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:21:06.0233 3264  FontCache3.0.0.0 - ok
11:21:06.0271 3264  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:21:06.0299 3264  FsDepends - ok
11:21:06.0339 3264  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:21:06.0367 3264  Fs_Rec - ok
11:21:06.0400 3264  [ 35FD2BB5131714E657B7AB3A78642854 ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
11:21:06.0422 3264  FTDIBUS - ok
11:21:06.0483 3264  [ 196C9BDDBEF9B6D0973F398BEF5B2EEE ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
11:21:06.0514 3264  FTSER2K - ok
11:21:06.0589 3264  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:21:06.0634 3264  fvevol - ok
11:21:06.0658 3264  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:21:06.0687 3264  gagp30kx - ok
11:21:06.0736 3264  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:21:06.0841 3264  gpsvc - ok
11:21:06.0866 3264  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:21:06.0921 3264  hcw85cir - ok
11:21:06.0960 3264  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:21:07.0013 3264  HdAudAddService - ok
11:21:07.0069 3264  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:21:07.0122 3264  HDAudBus - ok
11:21:07.0138 3264  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:21:07.0181 3264  HidBatt - ok
11:21:07.0223 3264  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:21:07.0266 3264  HidBth - ok
11:21:07.0289 3264  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:21:07.0324 3264  HidIr - ok
11:21:07.0353 3264  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:21:07.0455 3264  hidserv - ok
11:21:07.0494 3264  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:21:07.0521 3264  HidUsb - ok
11:21:07.0534 3264  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:21:07.0638 3264  hkmsvc - ok
11:21:07.0668 3264  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:21:07.0725 3264  HomeGroupListener - ok
11:21:07.0761 3264  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:21:07.0803 3264  HomeGroupProvider - ok
11:21:07.0822 3264  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:21:07.0851 3264  HpSAMD - ok
11:21:07.0886 3264  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:21:07.0999 3264  HTTP - ok
11:21:08.0028 3264  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:21:08.0055 3264  hwpolicy - ok
11:21:08.0076 3264  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:21:08.0106 3264  i8042prt - ok
11:21:08.0136 3264  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:21:08.0181 3264  iaStorV - ok
11:21:08.0248 3264  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:21:08.0257 3264  IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:21:08.0257 3264  IDriverT - detected UnsignedFile.Multi.Generic (1)
11:21:08.0314 3264  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:21:08.0375 3264  idsvc - ok
11:21:08.0409 3264  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:21:08.0437 3264  iirsp - ok
11:21:08.0548 3264  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:21:08.0704 3264  IKEEXT - ok
11:21:08.0747 3264  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:21:08.0790 3264  intelide - ok
11:21:08.0825 3264  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
11:21:08.0859 3264  intelppm - ok
11:21:08.0896 3264  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:21:08.0993 3264  IPBusEnum - ok
11:21:09.0042 3264  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:21:09.0128 3264  IpFilterDriver - ok
11:21:09.0161 3264  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:21:09.0267 3264  iphlpsvc - ok
11:21:09.0277 3264  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:21:09.0335 3264  IPMIDRV - ok
11:21:09.0346 3264  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:21:09.0436 3264  IPNAT - ok
11:21:09.0466 3264  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:21:09.0506 3264  IRENUM - ok
11:21:09.0550 3264  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:21:09.0576 3264  isapnp - ok
11:21:09.0605 3264  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:21:09.0643 3264  iScsiPrt - ok
11:21:09.0668 3264  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:21:09.0695 3264  kbdclass - ok
11:21:09.0736 3264  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:21:09.0779 3264  kbdhid - ok
11:21:09.0794 3264  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:21:09.0820 3264  KeyIso - ok
11:21:09.0868 3264  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:21:09.0898 3264  KSecDD - ok
11:21:09.0915 3264  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:21:09.0948 3264  KSecPkg - ok
11:21:09.0962 3264  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:21:10.0062 3264  ksthunk - ok
11:21:10.0108 3264  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:21:10.0220 3264  KtmRm - ok
11:21:10.0276 3264  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:21:10.0373 3264  LanmanServer - ok
11:21:10.0412 3264  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:21:10.0511 3264  LanmanWorkstation - ok
11:21:10.0567 3264  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:21:10.0664 3264  lltdio - ok
11:21:10.0708 3264  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:21:10.0818 3264  lltdsvc - ok
11:21:10.0858 3264  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:21:10.0946 3264  lmhosts - ok
11:21:10.0982 3264  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:21:11.0012 3264  LSI_FC - ok
11:21:11.0034 3264  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:21:11.0066 3264  LSI_SAS - ok
11:21:11.0088 3264  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:21:11.0117 3264  LSI_SAS2 - ok
11:21:11.0127 3264  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:21:11.0158 3264  LSI_SCSI - ok
11:21:11.0180 3264  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:21:11.0277 3264  luafv - ok
11:21:11.0333 3264  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
11:21:11.0373 3264  LVRS64 - ok
11:21:11.0408 3264  [ DE585D1D266805E5EEDAE911FDD16F38 ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
11:21:11.0448 3264  ManyCam - ok
11:21:11.0474 3264  [ 5858C4ABE87D0A842A941D6BD08038F1 ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv_x64.sys
11:21:11.0526 3264  mcaudrv_simple - ok
11:21:11.0567 3264  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:21:11.0597 3264  Mcx2Svc - ok
11:21:11.0660 3264  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:21:11.0699 3264  megasas - ok
11:21:11.0752 3264  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:21:11.0791 3264  MegaSR - ok
11:21:11.0827 3264  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:21:11.0942 3264  MMCSS - ok
11:21:11.0973 3264  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:21:12.0069 3264  Modem - ok
11:21:12.0090 3264  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:21:12.0136 3264  monitor - ok
11:21:12.0171 3264  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:21:12.0198 3264  mouclass - ok
11:21:12.0229 3264  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:21:12.0262 3264  mouhid - ok
11:21:12.0281 3264  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:21:12.0319 3264  mountmgr - ok
11:21:12.0379 3264  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:21:12.0407 3264  MozillaMaintenance - ok
11:21:12.0452 3264  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:21:12.0484 3264  mpio - ok
11:21:12.0527 3264  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:21:12.0615 3264  mpsdrv - ok
11:21:12.0682 3264  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:21:12.0794 3264  MpsSvc - ok
11:21:12.0817 3264  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:21:12.0877 3264  MRxDAV - ok
11:21:12.0927 3264  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:21:12.0987 3264  mrxsmb - ok
11:21:13.0016 3264  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:21:13.0047 3264  mrxsmb10 - ok
11:21:13.0067 3264  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:21:13.0095 3264  mrxsmb20 - ok
11:21:13.0131 3264  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:21:13.0159 3264  msahci - ok
11:21:13.0181 3264  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:21:13.0213 3264  msdsm - ok
11:21:13.0238 3264  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:21:13.0281 3264  MSDTC - ok
11:21:13.0308 3264  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:21:13.0394 3264  Msfs - ok
11:21:13.0425 3264  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:21:13.0526 3264  mshidkmdf - ok
11:21:13.0546 3264  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:21:13.0573 3264  msisadrv - ok
11:21:13.0608 3264  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:21:13.0709 3264  MSiSCSI - ok
11:21:13.0718 3264  msiserver - ok
11:21:13.0749 3264  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:21:13.0846 3264  MSKSSRV - ok
11:21:13.0855 3264  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:21:13.0947 3264  MSPCLOCK - ok
11:21:13.0956 3264  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:21:14.0050 3264  MSPQM - ok
11:21:14.0075 3264  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:21:14.0117 3264  MsRPC - ok
11:21:14.0137 3264  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:21:14.0164 3264  mssmbios - ok
11:21:14.0173 3264  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:21:14.0269 3264  MSTEE - ok
11:21:14.0285 3264  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:21:14.0312 3264  MTConfig - ok
11:21:14.0344 3264  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
11:21:14.0381 3264  MTsensor - ok
11:21:14.0414 3264  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:21:14.0443 3264  Mup - ok
11:21:14.0527 3264  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:21:14.0639 3264  napagent - ok
11:21:14.0707 3264  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:21:14.0768 3264  NativeWifiP - ok
11:21:14.0815 3264  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:21:14.0897 3264  NDIS - ok
11:21:14.0931 3264  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:21:15.0019 3264  NdisCap - ok
11:21:15.0043 3264  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:21:15.0129 3264  NdisTapi - ok
11:21:15.0164 3264  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:21:15.0257 3264  Ndisuio - ok
11:21:15.0274 3264  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:21:15.0374 3264  NdisWan - ok
11:21:15.0393 3264  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:21:15.0477 3264  NDProxy - ok
11:21:15.0532 3264  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:21:15.0631 3264  NetBIOS - ok
11:21:15.0680 3264  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:21:15.0769 3264  NetBT - ok
11:21:15.0793 3264  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:21:15.0820 3264  Netlogon - ok
11:21:15.0861 3264  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:21:15.0981 3264  Netman - ok
11:21:16.0034 3264  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:21:16.0133 3264  NetMsmqActivator - ok
11:21:16.0179 3264  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:21:16.0204 3264  NetPipeActivator - ok
11:21:16.0245 3264  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:21:16.0351 3264  netprofm - ok
11:21:16.0439 3264  [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
11:21:16.0502 3264  netr7364 - ok
11:21:16.0534 3264  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:21:16.0558 3264  NetTcpActivator - ok
11:21:16.0567 3264  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:21:16.0592 3264  NetTcpPortSharing - ok
11:21:16.0634 3264  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:21:16.0662 3264  nfrd960 - ok
11:21:16.0713 3264  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:21:16.0832 3264  NlaSvc - ok
11:21:16.0854 3264  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:21:16.0942 3264  Npfs - ok
11:21:16.0958 3264  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:21:17.0058 3264  nsi - ok
11:21:17.0103 3264  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:21:17.0201 3264  nsiproxy - ok
11:21:17.0273 3264  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:21:17.0403 3264  Ntfs - ok
11:21:17.0427 3264  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:21:17.0512 3264  Null - ok
11:21:17.0544 3264  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:21:17.0576 3264  nvraid - ok
11:21:17.0597 3264  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:21:17.0630 3264  nvstor - ok
11:21:17.0653 3264  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:21:17.0684 3264  nv_agp - ok
11:21:17.0699 3264  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:21:17.0728 3264  ohci1394 - ok
11:21:17.0807 3264  [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService  C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
11:21:17.0824 3264  OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
11:21:17.0825 3264  OpenVPNService - detected UnsignedFile.Multi.Generic (1)
11:21:17.0870 3264  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:21:17.0940 3264  p2pimsvc - ok
11:21:17.0975 3264  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:21:18.0017 3264  p2psvc - ok
11:21:18.0055 3264  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:21:18.0084 3264  Parport - ok
11:21:18.0139 3264  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:21:18.0169 3264  partmgr - ok
11:21:18.0175 3264  pbfilter - ok
11:21:18.0213 3264  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:21:18.0278 3264  PcaSvc - ok
11:21:18.0306 3264  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:21:18.0339 3264  pci - ok
11:21:18.0353 3264  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:21:18.0381 3264  pciide - ok
11:21:18.0408 3264  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:21:18.0445 3264  pcmcia - ok
11:21:18.0478 3264  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:21:18.0506 3264  pcw - ok
11:21:18.0526 3264  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:21:18.0645 3264  PEAUTH - ok
11:21:18.0762 3264  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:21:18.0806 3264  PerfHost - ok
11:21:18.0908 3264  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:21:19.0066 3264  pla - ok
11:21:19.0121 3264  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:21:19.0176 3264  PlugPlay - ok
11:21:19.0198 3264  PnkBstrA - ok
11:21:19.0218 3264  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:21:19.0255 3264  PNRPAutoReg - ok
11:21:19.0336 3264  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:21:19.0372 3264  PNRPsvc - ok
11:21:19.0415 3264  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:21:19.0532 3264  PolicyAgent - ok
11:21:19.0573 3264  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:21:19.0676 3264  Power - ok
11:21:19.0708 3264  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:21:19.0804 3264  PptpMiniport - ok
11:21:19.0830 3264  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:21:19.0866 3264  Processor - ok
11:21:19.0926 3264  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
11:21:20.0037 3264  ProfSvc - ok
11:21:20.0059 3264  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:21:20.0086 3264  ProtectedStorage - ok
11:21:20.0125 3264  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:21:20.0211 3264  Psched - ok
11:21:20.0272 3264  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:21:20.0386 3264  ql2300 - ok
11:21:20.0428 3264  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:21:20.0459 3264  ql40xx - ok
11:21:20.0524 3264  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:21:20.0582 3264  QWAVE - ok
11:21:20.0605 3264  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:21:20.0665 3264  QWAVEdrv - ok
11:21:20.0683 3264  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:21:20.0770 3264  RasAcd - ok
11:21:20.0807 3264  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:21:20.0894 3264  RasAgileVpn - ok
11:21:20.0958 3264  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:21:21.0057 3264  RasAuto - ok
11:21:21.0092 3264  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:21:21.0191 3264  Rasl2tp - ok
11:21:21.0263 3264  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:21:21.0360 3264  RasMan - ok
11:21:21.0385 3264  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:21:21.0489 3264  RasPppoe - ok
11:21:21.0510 3264  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:21:21.0610 3264  RasSstp - ok
11:21:21.0651 3264  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:21:21.0757 3264  rdbss - ok
11:21:21.0788 3264  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
11:21:21.0822 3264  rdpbus - ok
11:21:21.0843 3264  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:21:21.0943 3264  RDPCDD - ok
11:21:21.0988 3264  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:21:22.0087 3264  RDPENCDD - ok
11:21:22.0112 3264  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:21:22.0198 3264  RDPREFMP - ok
11:21:22.0279 3264  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:21:22.0338 3264  RDPWD - ok
11:21:22.0374 3264  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:21:22.0410 3264  rdyboost - ok
11:21:22.0480 3264  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:21:22.0597 3264  RemoteAccess - ok
11:21:22.0663 3264  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:21:22.0785 3264  RemoteRegistry - ok
11:21:22.0801 3264  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:21:22.0908 3264  RpcEptMapper - ok
11:21:22.0938 3264  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:21:22.0968 3264  RpcLocator - ok
11:21:23.0012 3264  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:21:23.0111 3264  RpcSs - ok
11:21:23.0159 3264  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:21:23.0249 3264  rspndr - ok
11:21:23.0308 3264  [ 6FA271B6816AFFAEF640808FC51AC8AF ] RTCore64        C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
11:21:23.0334 3264  RTCore64 - ok
11:21:23.0373 3264  [ B88880586ACD3EDEFCD0F9C2A6C1EE27 ] RTL2832UBDA     C:\Windows\system32\drivers\RTL2832UBDA.sys
11:21:23.0404 3264  RTL2832UBDA - ok
11:21:23.0441 3264  [ 4C04300EE6A5E780FD4E2F0806AECA0E ] RTL2832UUSB     C:\Windows\system32\Drivers\RTL2832UUSB.sys
11:21:23.0463 3264  RTL2832UUSB - ok
11:21:23.0501 3264  [ 19FAA5E7CF3D5263F4E79450A03E50CA ] RTL2832U_IRHID  C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
11:21:23.0525 3264  RTL2832U_IRHID - ok
11:21:23.0576 3264  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
11:21:23.0626 3264  RTL8167 - ok
11:21:23.0659 3264  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:21:23.0686 3264  SamSs - ok
11:21:23.0710 3264  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:21:23.0740 3264  sbp2port - ok
11:21:23.0774 3264  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:21:23.0882 3264  SCardSvr - ok
11:21:23.0905 3264  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:21:24.0004 3264  scfilter - ok
11:21:24.0052 3264  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:21:24.0179 3264  Schedule - ok
11:21:24.0203 3264  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:21:24.0290 3264  SCPolicySvc - ok
11:21:24.0309 3264  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:21:24.0368 3264  SDRSVC - ok
11:21:24.0394 3264  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:21:24.0489 3264  secdrv - ok
11:21:24.0499 3264  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:21:24.0585 3264  seclogon - ok
11:21:24.0611 3264  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:21:24.0710 3264  SENS - ok
11:21:24.0737 3264  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:21:24.0785 3264  SensrSvc - ok
11:21:24.0809 3264  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:21:24.0843 3264  Serenum - ok
11:21:24.0884 3264  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:21:24.0929 3264  Serial - ok
11:21:24.0947 3264  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:21:24.0982 3264  sermouse - ok
11:21:25.0076 3264  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:21:25.0178 3264  SessionEnv - ok
11:21:25.0211 3264  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:21:25.0245 3264  sffdisk - ok
11:21:25.0287 3264  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:21:25.0338 3264  sffp_mmc - ok
11:21:25.0354 3264  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:21:25.0398 3264  sffp_sd - ok
11:21:25.0417 3264  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:21:25.0444 3264  sfloppy - ok
11:21:25.0502 3264  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:21:25.0604 3264  SharedAccess - ok
11:21:25.0642 3264  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:21:25.0758 3264  ShellHWDetection - ok
11:21:25.0781 3264  [ E9E830D540EDEDED650F906628468548 ] simptcp         C:\Windows\System32\tcpsvcs.exe
11:21:25.0813 3264  simptcp - ok
11:21:25.0866 3264  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:21:25.0895 3264  SiSRaid2 - ok
11:21:25.0911 3264  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:21:25.0941 3264  SiSRaid4 - ok
11:21:26.0027 3264  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:21:26.0053 3264  SkypeUpdate - ok
11:21:26.0089 3264  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:21:26.0192 3264  Smb - ok
11:21:26.0226 3264  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:21:26.0267 3264  SNMPTRAP - ok
11:21:26.0324 3264  [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan        C:\Windows\syswow64\speedfan.sys
11:21:26.0352 3264  speedfan - ok
11:21:26.0375 3264  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:21:26.0401 3264  spldr - ok
11:21:26.0473 3264  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
11:21:26.0574 3264  Spooler - ok
11:21:26.0693 3264  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:21:26.0882 3264  sppsvc - ok
11:21:26.0904 3264  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:21:27.0012 3264  sppuinotify - ok
11:21:27.0067 3264  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:21:27.0125 3264  srv - ok
11:21:27.0151 3264  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:21:27.0200 3264  srv2 - ok
11:21:27.0223 3264  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:21:27.0251 3264  srvnet - ok
11:21:27.0321 3264  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:21:27.0427 3264  SSDPSRV - ok
11:21:27.0446 3264  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:21:27.0536 3264  SstpSvc - ok
11:21:27.0572 3264  Steam Client Service - ok
11:21:27.0606 3264  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:21:27.0633 3264  stexstor - ok
11:21:27.0686 3264  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:21:27.0743 3264  stisvc - ok
11:21:27.0764 3264  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:21:27.0790 3264  swenum - ok
11:21:27.0839 3264  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:21:27.0960 3264  swprv - ok
11:21:28.0017 3264  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:21:28.0143 3264  SysMain - ok
11:21:28.0170 3264  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:21:28.0215 3264  TabletInputService - ok
11:21:28.0267 3264  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
11:21:28.0311 3264  tap0901 - ok
11:21:28.0348 3264  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:21:28.0468 3264  TapiSrv - ok
11:21:28.0493 3264  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:21:28.0583 3264  TBS - ok
11:21:28.0674 3264  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:21:28.0806 3264  Tcpip - ok
11:21:28.0868 3264  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:21:28.0965 3264  TCPIP6 - ok
11:21:28.0994 3264  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:21:29.0093 3264  tcpipreg - ok
11:21:29.0119 3264  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:21:29.0154 3264  TDPIPE - ok
11:21:29.0178 3264  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:21:29.0215 3264  TDTCP - ok
11:21:29.0240 3264  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:21:29.0324 3264  tdx - ok
11:21:29.0464 3264  [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service      C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
11:21:29.0490 3264  Te.Service ( UnsignedFile.Multi.Generic ) - warning
11:21:29.0490 3264  Te.Service - detected UnsignedFile.Multi.Generic (1)
11:21:29.0507 3264  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:21:29.0534 3264  TermDD - ok
11:21:29.0607 3264  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:21:29.0738 3264  TermService - ok
11:21:29.0774 3264  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:21:29.0816 3264  Themes - ok
11:21:29.0859 3264  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:21:29.0948 3264  THREADORDER - ok
11:21:29.0971 3264  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:21:30.0097 3264  TrkWks - ok
11:21:30.0199 3264  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
11:21:30.0231 3264  truecrypt - ok
11:21:30.0309 3264  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:21:30.0407 3264  TrustedInstaller - ok
11:21:30.0444 3264  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:21:30.0545 3264  tssecsrv - ok
11:21:30.0608 3264  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:21:30.0643 3264  TsUsbFlt - ok
11:21:30.0826 3264  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:21:30.0873 3264  TsUsbGD - ok
11:21:30.0913 3264  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:21:31.0016 3264  tunnel - ok
11:21:31.0078 3264  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:21:31.0150 3264  uagp35 - ok
11:21:31.0191 3264  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:21:31.0322 3264  udfs - ok
11:21:31.0406 3264  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:21:31.0455 3264  UI0Detect - ok
11:21:31.0489 3264  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:21:31.0522 3264  uliagpkx - ok
11:21:31.0562 3264  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:21:31.0607 3264  umbus - ok
11:21:31.0649 3264  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:21:31.0686 3264  UmPass - ok
11:21:31.0764 3264  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:21:31.0877 3264  upnphost - ok
11:21:31.0932 3264  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:21:31.0994 3264  usbaudio - ok
11:21:32.0039 3264  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:21:32.0068 3264  usbccgp - ok
11:21:32.0100 3264  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:21:32.0136 3264  usbcir - ok
11:21:32.0163 3264  [ 74EE782B1D9C241EFE425565854C661C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:21:32.0213 3264  usbehci - ok
11:21:32.0262 3264  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:21:32.0311 3264  usbhub - ok
11:21:32.0329 3264  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
11:21:32.0356 3264  usbohci - ok
11:21:32.0399 3264  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
11:21:32.0446 3264  usbprint - ok
11:21:32.0473 3264  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:21:32.0526 3264  USBSTOR - ok
11:21:32.0551 3264  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:21:32.0604 3264  usbuhci - ok
11:21:32.0651 3264  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:21:32.0691 3264  usbvideo - ok
11:21:32.0761 3264  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
11:21:32.0822 3264  usb_rndisx - ok
11:21:32.0850 3264  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:21:32.0950 3264  UxSms - ok
11:21:32.0993 3264  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:21:33.0020 3264  VaultSvc - ok
11:21:33.0221 3264  [ AD6D273E646B94BB6668C8CB439CFBD3 ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
11:21:33.0254 3264  VBoxDrv - ok
11:21:33.0301 3264  [ B0A8C5BC95689A130F9E05492341833D ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
11:21:33.0330 3264  VBoxNetAdp - ok
11:21:33.0414 3264  [ 2966838EDAFBEB2819D127BF7D23F27B ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
11:21:33.0444 3264  VBoxNetFlt - ok
11:21:33.0479 3264  [ 1E821B0057C861F6AFE88187466F7CA4 ] VBoxUSB         C:\Windows\system32\Drivers\VBoxUSB.sys
11:21:33.0526 3264  VBoxUSB - ok
11:21:33.0594 3264  [ E5C140160617B2B0545B4051AA9507FF ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
11:21:33.0622 3264  VBoxUSBMon - ok
11:21:33.0657 3264  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:21:33.0684 3264  vdrvroot - ok
11:21:33.0747 3264  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:21:33.0881 3264  vds - ok
11:21:33.0919 3264  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:21:33.0955 3264  vga - ok
11:21:33.0986 3264  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:21:34.0110 3264  VgaSave - ok
11:21:34.0171 3264  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:21:34.0207 3264  vhdmp - ok
11:21:34.0263 3264  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:21:34.0311 3264  viaide - ok
11:21:34.0348 3264  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:21:34.0378 3264  volmgr - ok
11:21:34.0419 3264  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:21:34.0463 3264  volmgrx - ok
11:21:34.0608 3264  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:21:34.0653 3264  volsnap - ok
11:21:34.0754 3264  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:21:34.0788 3264  vsmraid - ok
11:21:35.0203 3264  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:21:35.0372 3264  VSS - ok
11:21:35.0400 3264  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:21:35.0473 3264  vwifibus - ok
11:21:35.0522 3264  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:21:35.0598 3264  vwififlt - ok
11:21:35.0659 3264  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
11:21:35.0700 3264  vwifimp - ok
11:21:35.0749 3264  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:21:35.0863 3264  W32Time - ok
11:21:35.0918 3264  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:21:35.0981 3264  WacomPen - ok
11:21:36.0050 3264  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:21:36.0177 3264  WANARP - ok
11:21:36.0200 3264  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:21:36.0287 3264  Wanarpv6 - ok
11:21:36.0765 3264  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:21:36.0861 3264  WatAdminSvc - ok
11:21:36.0968 3264  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:21:37.0135 3264  wbengine - ok
11:21:37.0193 3264  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:21:37.0242 3264  WbioSrvc - ok
11:21:37.0263 3264  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:21:37.0332 3264  wcncsvc - ok
11:21:37.0357 3264  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:21:37.0432 3264  WcsPlugInService - ok
11:21:37.0518 3264  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:21:37.0567 3264  Wd - ok
11:21:37.0648 3264  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:21:37.0730 3264  Wdf01000 - ok
11:21:37.0786 3264  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:21:38.0211 3264  WdiServiceHost - ok
11:21:38.0220 3264  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:21:38.0263 3264  WdiSystemHost - ok
11:21:38.0330 3264  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:21:38.0399 3264  WebClient - ok
11:21:38.0414 3264  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:21:38.0542 3264  Wecsvc - ok
11:21:38.0564 3264  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:21:38.0659 3264  wercplsupport - ok
11:21:38.0726 3264  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:21:38.0840 3264  WerSvc - ok
11:21:38.0891 3264  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:21:38.0982 3264  WfpLwf - ok
11:21:38.0998 3264  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:21:39.0025 3264  WIMMount - ok
11:21:39.0039 3264  WinDefend - ok
11:21:39.0055 3264  WinHttpAutoProxySvc - ok
11:21:39.0159 3264  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:21:39.0253 3264  Winmgmt - ok
11:21:39.0489 3264  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:21:39.0665 3264  WinRM - ok
11:21:39.0729 3264  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:21:39.0764 3264  WinUsb - ok
11:21:39.0810 3264  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:21:39.0890 3264  Wlansvc - ok
11:21:39.0917 3264  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:21:39.0950 3264  WmiAcpi - ok
11:21:39.0988 3264  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:21:40.0033 3264  wmiApSrv - ok
11:21:40.0071 3264  WMPNetworkSvc - ok
11:21:40.0096 3264  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:21:40.0137 3264  WPCSvc - ok
11:21:40.0161 3264  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:21:40.0196 3264  WPDBusEnum - ok
11:21:40.0252 3264  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:21:40.0339 3264  ws2ifsl - ok
11:21:40.0365 3264  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:21:40.0425 3264  wscsvc - ok
11:21:40.0493 3264  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
11:21:40.0538 3264  WSDPrintDevice - ok
11:21:40.0589 3264  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
11:21:40.0624 3264  WSDScan - ok
11:21:40.0632 3264  WSearch - ok
11:21:40.0730 3264  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:21:40.0849 3264  wuauserv - ok
11:21:40.0878 3264  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:21:40.0978 3264  WudfPf - ok
11:21:41.0012 3264  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:21:41.0113 3264  WUDFRd - ok
11:21:41.0152 3264  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:21:41.0240 3264  wudfsvc - ok
11:21:41.0269 3264  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:21:41.0330 3264  WwanSvc - ok
11:21:41.0388 3264  ================ Scan global ===============================
11:21:41.0421 3264  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:21:41.0491 3264  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:21:41.0512 3264  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:21:41.0542 3264  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:21:41.0606 3264  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:21:41.0614 3264  [Global] - ok
11:21:41.0615 3264  ================ Scan MBR ==================================
11:21:41.0628 3264  [ AD9B705AB096A51023121C8E7DB9D21B ] \Device\Harddisk0\DR0
11:21:41.0937 3264  \Device\Harddisk0\DR0 - ok
11:21:41.0938 3264  ================ Scan VBR ==================================
11:21:41.0968 3264  [ 5DCAD835B01EE0B1F0ADFCF941E18228 ] \Device\Harddisk0\DR0\Partition1
11:21:41.0971 3264  \Device\Harddisk0\DR0\Partition1 - ok
11:21:41.0988 3264  [ C496F11C74840C634302E3AEF7267407 ] \Device\Harddisk0\DR0\Partition2
11:21:41.0992 3264  \Device\Harddisk0\DR0\Partition2 - ok
11:21:41.0992 3264  ================ Scan active images ========================
11:21:41.0998 3264  [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
11:21:41.0998 3264  C:\Windows\System32\drivers\crashdmp.sys - ok
11:21:42.0005 3264  [ 839B5FE3D48E9F35B22C21A3D5103F6C ] C:\Windows\System32\drivers\Dumpata.sys
11:21:42.0005 3264  C:\Windows\System32\drivers\Dumpata.sys - ok
11:21:42.0015 3264  [ 02062C0B390B7729EDC9E69C680A6F3C ] C:\Windows\System32\drivers\atapi.sys
11:21:42.0015 3264  C:\Windows\System32\drivers\atapi.sys - ok
11:21:42.0026 3264  [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
11:21:42.0026 3264  C:\Windows\System32\drivers\dumpfve.sys - ok
11:21:42.0037 3264  [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys
11:21:42.0037 3264  C:\Windows\System32\drivers\cdrom.sys - ok
11:21:42.0048 3264  [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
11:21:42.0048 3264  C:\Windows\System32\drivers\null.sys - ok
11:21:42.0058 3264  [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
11:21:42.0058 3264  C:\Windows\System32\drivers\beep.sys - ok
11:21:42.0069 3264  [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
11:21:42.0069 3264  C:\Windows\System32\drivers\vga.sys - ok
11:21:42.0081 3264  [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
11:21:42.0081 3264  C:\Windows\System32\drivers\videoprt.sys - ok
11:21:42.0091 3264  [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
11:21:42.0091 3264  C:\Windows\System32\drivers\watchdog.sys - ok
11:21:42.0102 3264  [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
11:21:42.0102 3264  C:\Windows\System32\drivers\RDPCDD.sys - ok
11:21:42.0113 3264  [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
11:21:42.0113 3264  C:\Windows\System32\drivers\RDPENCDD.sys - ok
11:21:42.0124 3264  [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
11:21:42.0124 3264  C:\Windows\System32\drivers\RDPREFMP.sys - ok
11:21:42.0134 3264  [ 86B0FBC17425B0A00D431B3C8F4D2F9D ] C:\Windows\System32\drivers\ext2fsd.sys
11:21:42.0135 3264  C:\Windows\System32\drivers\ext2fsd.sys - ok
11:21:42.0145 3264  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
11:21:42.0145 3264  C:\Windows\System32\drivers\msfs.sys - ok
11:21:42.0155 3264  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
11:21:42.0155 3264  C:\Windows\System32\drivers\npfs.sys - ok
11:21:42.0166 3264  [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
11:21:42.0166 3264  C:\Windows\System32\drivers\tdi.sys - ok
11:21:42.0177 3264  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
11:21:42.0177 3264  C:\Windows\System32\drivers\tdx.sys - ok
11:21:42.0188 3264  [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
11:21:42.0188 3264  C:\Windows\System32\drivers\afd.sys - ok
11:21:42.0199 3264  [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
11:21:42.0199 3264  C:\Windows\System32\drivers\netbt.sys - ok
11:21:42.0210 3264  [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
11:21:42.0210 3264  C:\Windows\System32\drivers\pacer.sys - ok
11:21:42.0220 3264  [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
11:21:42.0221 3264  C:\Windows\System32\drivers\wfplwf.sys - ok
11:21:42.0231 3264  [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
11:21:42.0231 3264  C:\Windows\System32\drivers\netbios.sys - ok
11:21:42.0242 3264  [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
11:21:42.0242 3264  C:\Windows\System32\drivers\vwififlt.sys - ok
11:21:42.0253 3264  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] C:\Windows\System32\drivers\serial.sys
11:21:42.0253 3264  C:\Windows\System32\drivers\serial.sys - ok
11:21:42.0260 3264  [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys
11:21:42.0260 3264  C:\Windows\System32\drivers\wanarp.sys - ok
11:21:42.0271 3264  [ E5C140160617B2B0545B4051AA9507FF ] C:\Windows\System32\drivers\VBoxUSBMon.sys
11:21:42.0271 3264  C:\Windows\System32\drivers\VBoxUSBMon.sys - ok
11:21:42.0282 3264  [ AD6D273E646B94BB6668C8CB439CFBD3 ] C:\Windows\System32\drivers\VBoxDrv.sys
11:21:42.0282 3264  C:\Windows\System32\drivers\VBoxDrv.sys - ok
11:21:42.0293 3264  [ 370A6907DDF79532A39319492B1FA38A ] C:\Windows\System32\drivers\truecrypt.sys
11:21:42.0293 3264  C:\Windows\System32\drivers\truecrypt.sys - ok
11:21:42.0304 3264  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
11:21:42.0304 3264  C:\Windows\System32\drivers\termdd.sys - ok
11:21:42.0315 3264  [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
11:21:42.0315 3264  C:\Windows\System32\drivers\rdbss.sys - ok
11:21:42.0326 3264  [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
11:21:42.0326 3264  C:\Windows\System32\drivers\nsiproxy.sys - ok
11:21:42.0337 3264  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
11:21:42.0337 3264  C:\Windows\System32\drivers\mssmbios.sys - ok
11:21:42.0348 3264  [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
11:21:42.0348 3264  C:\Windows\System32\drivers\discache.sys - ok
11:21:42.0359 3264  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
11:21:42.0359 3264  C:\Windows\System32\drivers\dfsc.sys - ok
11:21:42.0370 3264  [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
11:21:42.0370 3264  C:\Windows\System32\drivers\blbdrive.sys - ok
11:21:42.0381 3264  [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
11:21:42.0381 3264  C:\Windows\System32\drivers\tunnel.sys - ok
11:21:42.0392 3264  [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
11:21:42.0392 3264  C:\Windows\System32\ntdll.dll - ok
11:21:42.0403 3264  [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
11:21:42.0403 3264  C:\Windows\System32\smss.exe - ok
11:21:42.0413 3264  [ 1E56388B3FE0D031C44144EB8C4D6217 ] C:\Windows\System32\drivers\amdppm.sys
11:21:42.0413 3264  C:\Windows\System32\drivers\amdppm.sys - ok
11:21:42.0424 3264  [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
11:21:42.0424 3264  C:\Windows\System32\autochk.exe - ok
11:21:42.0435 3264  [ EE22D3ED6D55A855E709F811CCCA97ED ] C:\Windows\System32\drivers\atikmpag.sys
11:21:42.0435 3264  C:\Windows\System32\drivers\atikmpag.sys - ok
11:21:42.0445 3264  [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
11:21:42.0445 3264  C:\Windows\System32\gdi32.dll - ok
11:21:42.0457 3264  [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
11:21:42.0457 3264  C:\Windows\System32\rpcrt4.dll - ok
11:21:42.0468 3264  [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
11:21:42.0468 3264  C:\Windows\System32\imm32.dll - ok
11:21:42.0479 3264  [ 2F8B1E3EE3545D3B5A8D56FA1AE07B65 ] C:\Windows\System32\usp10.dll
11:21:42.0479 3264  C:\Windows\System32\usp10.dll - ok
11:21:42.0489 3264  [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
11:21:42.0489 3264  C:\Windows\System32\sechost.dll - ok
11:21:42.0499 3264  [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
11:21:42.0499 3264  C:\Windows\System32\lpk.dll - ok
11:21:42.0509 3264  [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
11:21:42.0509 3264  C:\Windows\System32\ws2_32.dll - ok
11:21:42.0516 3264  [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
11:21:42.0516 3264  C:\Windows\System32\iertutil.dll - ok
11:21:42.0527 3264  [ 1DBA462CF92D890D8F8E6472E7E8B4B4 ] C:\Windows\System32\urlmon.dll
11:21:42.0527 3264  C:\Windows\System32\urlmon.dll - ok
11:21:42.0537 3264  [ 1DC3504CA4C57900F1557E9A3F01D272 ] C:\Windows\System32\kernel32.dll
11:21:42.0537 3264  C:\Windows\System32\kernel32.dll - ok
11:21:42.0548 3264  [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
11:21:45.0105 3264  C:\Windows\System32\wkscli.dll - ok
11:21:45.0116 3264  [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
11:21:45.0116 3264  C:\Windows\System32\wlgpclnt.dll - ok
11:21:45.0128 3264  [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
11:21:45.0128 3264  C:\Windows\System32\mfplat.dll - ok
11:21:45.0140 3264  [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
11:21:45.0140 3264  C:\Windows\System32\l2gpstore.dll - ok
11:21:45.0152 3264  [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
11:21:45.0152 3264  C:\Windows\System32\samcli.dll - ok
11:21:45.0163 3264  [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
11:21:45.0163 3264  C:\Windows\System32\wlanutil.dll - ok
11:21:45.0176 3264  [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
11:21:45.0176 3264  C:\Windows\System32\certCredProvider.dll - ok
11:21:45.0188 3264  [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
11:21:45.0188 3264  C:\Windows\System32\WinSCard.dll - ok
11:21:45.0200 3264  [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
11:21:45.0200 3264  C:\Windows\System32\rasplap.dll - ok
11:21:45.0212 3264  [ 4FFDE68C4B7C9993FA551E7E36DDB34D ] C:\Windows\System32\msxml6.dll
11:21:45.0212 3264  C:\Windows\System32\msxml6.dll - ok
11:21:45.0227 3264  [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
11:21:45.0227 3264  C:\Windows\System32\rasapi32.dll - ok
11:21:45.0238 3264  [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
11:21:45.0238 3264  C:\Windows\System32\rasman.dll - ok
11:21:45.0250 3264  [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
11:21:45.0250 3264  C:\Windows\System32\rtutils.dll - ok
11:21:45.0262 3264  [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
11:21:45.0262 3264  C:\Windows\System32\UXInit.dll - ok
11:21:45.0276 3264  [ 0620FE89F70FC0895DC312EEBAA62B06 ] C:\Windows\System32\atieclxx.exe
11:21:45.0276 3264  C:\Windows\System32\atieclxx.exe - ok
11:21:45.0284 3264  [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
11:21:45.0284 3264  C:\Windows\System32\shsvcs.dll - ok
11:21:45.0291 3264  [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
11:21:45.0291 3264  C:\Windows\System32\schedsvc.dll - ok
11:21:45.0303 3264  [ 500CE062629FB734989AEEC2A23A6CD8 ] C:\Windows\System32\atiadlxx.dll
11:21:45.0303 3264  C:\Windows\System32\atiadlxx.dll - ok
11:21:45.0315 3264  [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
11:21:45.0315 3264  C:\Windows\System32\ktmw32.dll - ok
11:21:45.0325 3264  [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
11:21:45.0325 3264  C:\Windows\System32\fveapi.dll - ok
11:21:45.0337 3264  [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
11:21:45.0337 3264  C:\Windows\System32\tbs.dll - ok
11:21:45.0349 3264  [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
11:21:45.0349 3264  C:\Windows\System32\fvecerts.dll - ok
11:21:45.0361 3264  [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
11:21:45.0361 3264  C:\Windows\System32\wiarpc.dll - ok
11:21:45.0373 3264  [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
11:21:45.0373 3264  C:\Windows\System32\taskcomp.dll - ok
11:21:45.0386 3264  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
11:21:45.0386 3264  C:\Windows\System32\drivers\http.sys - ok
11:21:45.0397 3264  [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
11:21:45.0397 3264  C:\Windows\System32\imageres.dll - ok
11:21:45.0408 3264  [ B96C17B5DC1424D56EEA3A99E97428CD ] C:\Windows\System32\spoolsv.exe
11:21:45.0408 3264  C:\Windows\System32\spoolsv.exe - ok
11:21:45.0420 3264  [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
11:21:45.0420 3264  C:\Windows\System32\BFE.DLL - ok
11:21:45.0432 3264  [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
11:21:45.0433 3264  C:\Windows\System32\drivers\bowser.sys - ok
11:21:45.0446 3264  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
11:21:45.0446 3264  C:\Windows\System32\drivers\mpsdrv.sys - ok
11:21:45.0457 3264  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
11:21:45.0457 3264  C:\Windows\System32\MPSSVC.dll - ok
11:21:45.0468 3264  [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
11:21:45.0468 3264  C:\Windows\System32\drivers\mrxsmb.sys - ok
11:21:45.0481 3264  [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
11:21:45.0481 3264  C:\Windows\System32\drivers\mrxsmb10.sys - ok
11:21:45.0492 3264  [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
11:21:45.0492 3264  C:\Windows\System32\wfapigp.dll - ok
11:21:45.0503 3264  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
11:21:45.0503 3264  C:\Windows\System32\drivers\mrxsmb20.sys - ok
11:21:45.0514 3264  [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
11:21:45.0514 3264  C:\Windows\System32\mscms.dll - ok
11:21:45.0524 3264  [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
11:21:45.0524 3264  C:\Windows\System32\wkssvc.dll - ok
11:21:45.0535 3264  [ A567B70468A04F4BA64339D1CAF78E58 ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
11:21:45.0535 3264  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe - ok
11:21:45.0542 3264  [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
11:21:45.0542 3264  C:\Windows\System32\pcasvc.dll - ok
11:21:45.0554 3264  [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
11:21:45.0554 3264  C:\Windows\System32\snmptrap.exe - ok
11:21:45.0564 3264  [ 4F096D96285E06CD51AEF7D2D3DE04DA ] C:\Windows\System32\msvcp100.dll
11:21:45.0564 3264  C:\Windows\System32\msvcp100.dll - ok
11:21:45.0576 3264  [ A34A587FFFD45FA649FBA6D03784D257 ] C:\Windows\System32\iphlpsvc.dll
11:21:45.0576 3264  C:\Windows\System32\iphlpsvc.dll - ok
11:21:45.0590 3264  [ DF3CA8D16BDED6A54977B30E66864D33 ] C:\Windows\System32\msvcr100.dll
11:21:45.0590 3264  C:\Windows\System32\msvcr100.dll - ok
11:21:45.0603 3264  [ 7C00C608FE4C8EDE9E30940837B9AC8B ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
11:21:45.0603 3264  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll - ok
11:21:45.0610 3264  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
11:21:45.0610 3264  C:\Windows\System32\sstpsvc.dll - ok
11:21:45.0621 3264  [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
11:21:45.0621 3264  C:\Windows\System32\provsvc.dll - ok
11:21:45.0631 3264  [ 671A40A97B7105D802A61D05E5477748 ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
11:21:45.0631 3264  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll - ok
11:21:45.0643 3264  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys
11:21:45.0643 3264  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys - ok
11:21:45.0655 3264  [ 6AF588B2525F7AF76BB8B1DD7D59C4BC ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\device.dll
11:21:45.0655 3264  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\device.dll - ok
11:21:45.0667 3264  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
11:21:45.0667 3264  C:\Windows\System32\cryptsvc.dll - ok
11:21:45.0677 3264  [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
11:21:45.0677 3264  C:\Windows\System32\cryptnet.dll - ok
11:21:45.0687 3264  [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
11:21:45.0687 3264  C:\Windows\System32\vssapi.dll - ok
11:21:45.0699 3264  [ 5BA2436D527CAA53C8B52FC85159FEBF ] C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
11:21:45.0699 3264  C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe - ok
11:21:45.0711 3264  [ A8704A10FFDE468F4AB18EBF82A9A86F ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcp80.dll
11:21:45.0712 3264  C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcp80.dll - ok
11:21:45.0722 3264  [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
11:21:45.0722 3264  C:\Windows\SysWOW64\ntdll.dll - ok
11:21:45.0732 3264  [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll
11:21:45.0732 3264  C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok
11:21:45.0744 3264  [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
11:21:45.0744 3264  C:\Windows\System32\vsstrace.dll - ok
11:21:45.0757 3264  [ 15B30F15BD13640B337A0FC37BD48CDE ] C:\Windows\System32\wow64.dll
11:21:45.0757 3264  C:\Windows\System32\wow64.dll - ok
11:21:45.0765 3264  [ 2970785A72054740E1A5DCEB32485486 ] C:\Windows\System32\wow64win.dll
11:21:45.0765 3264  C:\Windows\System32\wow64win.dll - ok
11:21:45.0776 3264  [ 0E059FCB8F61BFC50014537564A9B26A ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\platform.dll
11:21:45.0776 3264  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\platform.dll - ok
11:21:45.0786 3264  [ 98168B9B0656A01A321FF1BECB2C03E1 ] C:\Windows\System32\wow64cpu.dll
11:21:45.0786 3264  C:\Windows\System32\wow64cpu.dll - ok
11:21:45.0797 3264  [ D4F3176082566CEFA633B4945802D4C4 ] C:\Windows\SysWOW64\kernel32.dll
11:21:45.0798 3264  C:\Windows\SysWOW64\kernel32.dll - ok
11:21:45.0804 3264  [ 0978C2B33BDD0A7E6C563AA337DC8BA0 ] C:\Windows\SysWOW64\KernelBase.dll
11:21:45.0804 3264  C:\Windows\SysWOW64\KernelBase.dll - ok
11:21:45.0815 3264  [ 600F89319666A8677BAB62B7B0C71621 ] C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
11:21:45.0815 3264  C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll - ok
11:21:45.0826 3264  [ C818AF54E1631455DC457C22DDC62649 ] C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
11:21:45.0826 3264  C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll - ok
11:21:45.0836 3264  [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
11:21:45.0836 3264  C:\Windows\SysWOW64\msvcrt.dll - ok
11:21:45.0846 3264  [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
11:21:45.0847 3264  C:\Windows\SysWOW64\user32.dll - ok
11:21:45.0857 3264  [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
11:21:45.0857 3264  C:\Windows\SysWOW64\gdi32.dll - ok
11:21:45.0867 3264  [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
11:21:45.0867 3264  C:\Windows\SysWOW64\lpk.dll - ok
11:21:45.0878 3264  [ 0D2B530F060C050265D67C191C8A89DE ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
11:21:45.0878 3264  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll - ok
11:21:45.0890 3264  [ 804AAAFEBB3AD5F49334DD906BCB1DE5 ] C:\Windows\SysWOW64\usp10.dll
11:21:45.0890 3264  C:\Windows\SysWOW64\usp10.dll - ok
11:21:45.0901 3264  [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
11:21:45.0901 3264  C:\Windows\System32\wlanapi.dll - ok
11:21:45.0912 3264  [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
11:21:45.0912 3264  C:\Windows\SysWOW64\advapi32.dll - ok
11:21:45.0924 3264  [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
11:21:45.0924 3264  C:\Windows\SysWOW64\sechost.dll - ok
11:21:45.0933 3264  [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
11:21:45.0933 3264  C:\Windows\SysWOW64\rpcrt4.dll - ok
11:21:45.0944 3264  [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll
11:21:45.0944 3264  C:\Windows\SysWOW64\sspicli.dll - ok
11:21:45.0955 3264  [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
11:21:45.0955 3264  C:\Windows\SysWOW64\cryptbase.dll - ok
11:21:45.0967 3264  [ CD0325DA097F77F424B52BC0288F9132 ] C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
11:21:45.0967 3264  C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll - ok
11:21:45.0980 3264  [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
11:21:45.0980 3264  C:\Windows\SysWOW64\ws2_32.dll - ok
11:21:45.0990 3264  [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
11:21:45.0990 3264  C:\Windows\SysWOW64\nsi.dll - ok
11:21:46.0001 3264  [ 8E845952C2A2208E54DE7187621D310A ] C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
11:21:46.0001 3264  C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll - ok
11:21:46.0012 3264  [ 18389A0B7DCD9F8216DB2050FE0F3A4C ] C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
11:21:46.0012 3264  C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll - ok
11:21:46.0025 3264  [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
11:21:46.0025 3264  C:\Windows\SysWOW64\imm32.dll - ok
11:21:46.0037 3264  [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
11:21:46.0037 3264  C:\Windows\SysWOW64\msctf.dll - ok
11:21:46.0047 3264  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
11:21:46.0047 3264  C:\Windows\System32\dps.dll - ok
11:21:46.0055 3264  [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
11:21:46.0055 3264  C:\Windows\System32\fdPHost.dll - ok
11:21:46.0066 3264  [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
11:21:46.0066 3264  C:\Windows\System32\FDResPub.dll - ok
11:21:46.0080 3264  [ 1EE99A89CC788ADA662441D1E9830529 ] C:\Windows\System32\nlasvc.dll
11:21:46.0080 3264  C:\Windows\System32\nlasvc.dll - ok
11:21:46.0090 3264  [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
11:21:46.0090 3264  C:\Windows\System32\aepic.dll - ok
11:21:46.0101 3264  [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll
11:21:46.0101 3264  C:\Windows\SysWOW64\shell32.dll - ok
11:21:46.0111 3264  [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
11:21:46.0112 3264  C:\Windows\System32\fdWSD.dll - ok
11:21:46.0121 3264  [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
11:21:46.0121 3264  C:\Windows\System32\sfc.dll - ok
11:21:46.0133 3264  [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
11:21:46.0133 3264  C:\Windows\System32\WSDApi.dll - ok
11:21:46.0143 3264  [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
11:21:46.0143 3264  C:\Windows\System32\taskschd.dll - ok
11:21:46.0154 3264  [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
11:21:46.0154 3264  C:\Windows\System32\sfc_os.dll - ok
11:21:46.0167 3264  [ 4A435F95B940E93A88FEC144BD409789 ] C:\Windows\System32\ncsi.dll
11:21:46.0167 3264  C:\Windows\System32\ncsi.dll - ok
11:21:46.0175 3264  [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
11:21:46.0175 3264  C:\Windows\System32\mlang.dll - ok
11:21:46.0187 3264  [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
11:21:46.0187 3264  C:\Windows\System32\winhttp.dll - ok
11:21:46.0198 3264  [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
11:21:46.0198 3264  C:\Windows\System32\webservices.dll - ok
11:21:46.0212 3264  [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
11:21:46.0212 3264  C:\Windows\System32\drivers\PEAuth.sys - ok
11:21:46.0226 3264  [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
11:21:46.0226 3264  C:\Windows\System32\webio.dll - ok
11:21:46.0233 3264  [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
11:21:46.0233 3264  C:\Windows\System32\ssdpapi.dll - ok
11:21:46.0244 3264  [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
11:21:46.0244 3264  C:\Windows\System32\fundisc.dll - ok
11:21:46.0257 3264  [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
11:21:46.0259 3264  C:\Windows\System32\fdSSDP.dll - ok
11:21:46.0263 3264  [ 831883B107684301F48ACE752C963984 ] C:\Windows\SysWOW64\PnkBstrA.exe
11:21:46.0263 3264  C:\Windows\SysWOW64\PnkBstrA.exe - ok
11:21:46.0277 3264  [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
11:21:46.0277 3264  C:\Windows\SysWOW64\wsock32.dll - ok
11:21:46.0283 3264  [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
11:21:46.0283 3264  C:\Windows\System32\httpapi.dll - ok
11:21:46.0298 3264  [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
11:21:46.0298 3264  C:\Windows\System32\aeevts.dll - ok
11:21:46.0304 3264  [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
11:21:46.0304 3264  C:\Windows\SysWOW64\shlwapi.dll - ok
11:21:46.0311 3264  [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
11:21:46.0311 3264  C:\Windows\SysWOW64\ole32.dll - ok
11:21:46.0324 3264  [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
11:21:46.0325 3264  C:\Windows\SysWOW64\wintrust.dll - ok
11:21:46.0333 3264  [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
11:21:46.0333 3264  C:\Windows\SysWOW64\crypt32.dll - ok
11:21:46.0344 3264  [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
11:21:46.0344 3264  C:\Windows\SysWOW64\msasn1.dll - ok
11:21:46.0358 3264  [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
11:21:46.0358 3264  C:\Windows\SysWOW64\profapi.dll - ok
11:21:46.0371 3264  [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
11:21:46.0371 3264  C:\Windows\System32\drivers\secdrv.sys - ok
11:21:46.0386 3264  [ E9E830D540EDEDED650F906628468548 ] C:\Windows\System32\TCPSVCS.EXE
11:21:46.0386 3264  C:\Windows\System32\TCPSVCS.EXE - ok
11:21:46.0399 3264  [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
11:21:46.0399 3264  C:\Windows\SysWOW64\mswsock.dll - ok
11:21:46.0412 3264  [ 4E5FB7AE0C82B65BDA97BE1774F56B31 ] C:\Windows\System32\simptcp.dll
11:21:46.0412 3264  C:\Windows\System32\simptcp.dll - ok
11:21:46.0422 3264  [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
11:21:46.0422 3264  C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
11:21:46.0432 3264  [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
11:21:46.0433 3264  C:\Windows\System32\NapiNSP.dll - ok
11:21:46.0444 3264  [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
11:21:46.0444 3264  C:\Windows\SysWOW64\cryptsp.dll - ok
11:21:46.0453 3264  [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
11:21:46.0453 3264  C:\Windows\System32\pnrpnsp.dll - ok
11:21:46.0464 3264  [ 7C15061CD0372487903B07B9BB03AFAD ] C:\Program Files (x86)\Skype\Updater\Updater.exe
11:21:46.0464 3264  C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
11:21:46.0474 3264  [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
11:21:46.0475 3264  C:\Windows\System32\winrnr.dll - ok
11:21:46.0485 3264  [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
11:21:46.0485 3264  C:\Windows\SysWOW64\rsaenh.dll - ok
11:21:46.0500 3264  [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
11:21:46.0500 3264  C:\Windows\SysWOW64\oleaut32.dll - ok
11:21:46.0508 3264  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
11:21:46.0508 3264  C:\Windows\SysWOW64\psapi.dll - ok
11:21:46.0519 3264  [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
11:21:46.0519 3264  C:\Windows\SysWOW64\userenv.dll - ok
11:21:46.0526 3264  [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
11:21:46.0526 3264  C:\Windows\SysWOW64\version.dll - ok
11:21:46.0538 3264  [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
11:21:46.0538 3264  C:\Windows\SysWOW64\wtsapi32.dll - ok
11:21:46.0550 3264  [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
11:21:46.0550 3264  C:\Windows\SysWOW64\clbcatq.dll - ok
11:21:46.0557 3264  [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
11:21:46.0558 3264  C:\Windows\System32\drivers\srvnet.sys - ok
11:21:46.0569 3264  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
11:21:46.0569 3264  C:\Windows\System32\ssdpsrv.dll - ok
11:21:46.0583 3264  [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
11:21:46.0583 3264  C:\Windows\SysWOW64\RpcRtRemote.dll - ok
11:21:46.0591 3264  [ DF687E3D8836BFB04FCC0615BF15A519 ] C:\Windows\System32\drivers\tcpipreg.sys
11:21:46.0591 3264  C:\Windows\System32\drivers\tcpipreg.sys - ok
11:21:46.0602 3264  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
11:21:46.0602 3264  C:\Windows\System32\wiaservc.dll - ok
11:21:46.0613 3264  [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
11:21:46.0614 3264  C:\Windows\System32\trkwks.dll - ok
11:21:46.0623 3264  [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
11:21:46.0623 3264  C:\Windows\System32\wbem\WMIsvc.dll - ok
11:21:46.0634 3264  [ 2E648163254233755035B46DD7B89123 ] C:\Windows\System32\termsrv.dll
11:21:46.0634 3264  C:\Windows\System32\termsrv.dll - ok
11:21:46.0644 3264  [ 098A91C54546A3B878DAD6A7E90A455B ] C:\Windows\System32\IPBusEnum.dll
11:21:46.0644 3264  C:\Windows\System32\IPBusEnum.dll - ok
11:21:46.0655 3264  [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
11:21:46.0655 3264  C:\Windows\System32\wiatrace.dll - ok
11:21:46.0665 3264  [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
11:21:46.0665 3264  C:\Windows\System32\wbemcomn.dll - ok
11:21:46.0676 3264  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
11:21:46.0676 3264  C:\Windows\System32\drivers\srv2.sys - ok
11:21:46.0686 3264  [ 7E236CC26FF0C2513819FA453E2C5371 ] C:\Windows\System32\icaapi.dll
11:21:46.0686 3264  C:\Windows\System32\icaapi.dll - ok
11:21:46.0697 3264  [ 988121D083B7AB61D4A7E244290BAAB0 ] C:\Windows\System32\lsmproxy.dll
11:21:46.0697 3264  C:\Windows\System32\lsmproxy.dll - ok
11:21:46.0709 3264  [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll
11:21:46.0709 3264  C:\Windows\System32\fdProxy.dll - ok
11:21:46.0719 3264  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] C:\Windows\System32\Mcx2Svc.dll
11:21:46.0719 3264  C:\Windows\System32\Mcx2Svc.dll - ok
11:21:46.0729 3264  [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
11:21:46.0729 3264  C:\Windows\System32\sqmapi.dll - ok
11:21:46.0740 3264  [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
11:21:46.0740 3264  C:\Windows\System32\wbem\WmiDcPrv.dll - ok
11:21:46.0750 3264  [ E377BBA01F34E4183C32E5BBD688CE83 ] C:\Windows\System32\regapi.dll
11:21:46.0751 3264  C:\Windows\System32\regapi.dll - ok
11:21:46.0762 3264  [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll
11:21:46.0762 3264  C:\Windows\System32\wmi.dll - ok
11:21:46.0771 3264  [ 6D5DCC1579B3961D791ABDE286A1CB5E ] C:\Windows\System32\rdpwsx.dll
11:21:46.0771 3264  C:\Windows\System32\rdpwsx.dll - ok
11:21:46.0782 3264  [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
11:21:46.0782 3264  C:\Windows\System32\wbem\fastprox.dll - ok
11:21:46.0792 3264  [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
11:21:46.0792 3264  C:\Windows\System32\wdscore.dll - ok
11:21:46.0803 3264  [ 4D842C5081F06E61BFF461CF87D13525 ] C:\Windows\ehome\ehtrace.dll
11:21:46.0803 3264  C:\Windows\ehome\ehtrace.dll - ok
11:21:46.0809 3264  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
11:21:46.0809 3264  C:\Windows\System32\netprofm.dll - ok
11:21:46.0820 3264  [ 1B4A711265FEA91259553D7B4E83394B ] C:\Windows\System32\tlscsp.dll
11:21:46.0821 3264  C:\Windows\System32\tlscsp.dll - ok
11:21:46.0831 3264  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
11:21:46.0831 3264  C:\Windows\System32\drivers\srv.sys - ok
11:21:46.0845 3264  [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
11:21:46.0846 3264  C:\Windows\System32\wbem\WinMgmtR.dll - ok
11:21:46.0853 3264  [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
11:21:46.0854 3264  C:\Windows\System32\netcfgx.dll - ok
11:21:46.0864 3264  [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
11:21:46.0864 3264  C:\Windows\System32\fdPnp.dll - ok
11:21:46.0875 3264  [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
11:21:46.0875 3264  C:\Windows\System32\hnetcfg.dll - ok
11:21:46.0886 3264  [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
11:21:46.0886 3264  C:\Windows\System32\ntdsapi.dll - ok
11:21:46.0896 3264  [ 5B236296E233CAA6BF86BE0C6501A224 ] C:\Windows\System32\rdpcorekmts.dll
11:21:46.0896 3264  C:\Windows\System32\rdpcorekmts.dll - ok
11:21:46.0906 3264  [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
11:21:46.0907 3264  C:\Windows\System32\wbem\wbemprox.dll - ok
11:21:46.0917 3264  [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
11:21:46.0917 3264  C:\Windows\System32\srvsvc.dll - ok
11:21:46.0928 3264  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] C:\Windows\System32\drivers\tdtcp.sys
11:21:46.0928 3264  C:\Windows\System32\drivers\tdtcp.sys - ok
11:21:46.0943 3264  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
11:21:46.0943 3264  C:\Windows\System32\browser.dll - ok
11:21:46.0950 3264  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] C:\Windows\System32\drivers\tssecsrv.sys
11:21:46.0950 3264  C:\Windows\System32\drivers\tssecsrv.sys - ok
11:21:46.0960 3264  [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
11:21:46.0960 3264  C:\Windows\System32\netmsg.dll - ok
11:21:46.0972 3264  [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll
11:21:46.0972 3264  C:\Windows\System32\nci.dll - ok
11:21:46.0981 3264  [ E61608AA35E98999AF9AAEEEA6114B0A ] C:\Windows\System32\drivers\rdpwd.sys
11:21:46.0982 3264  C:\Windows\System32\drivers\rdpwd.sys - ok
11:21:46.0992 3264  [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
11:21:46.0992 3264  C:\Windows\System32\sscore.dll - ok
11:21:47.0003 3264  [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
11:21:47.0003 3264  C:\Windows\System32\clusapi.dll - ok
11:21:47.0013 3264  [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
11:21:47.0013 3264  C:\Windows\System32\resutils.dll - ok
11:21:47.0024 3264  [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
11:21:47.0024 3264  C:\Windows\System32\wbem\wbemcore.dll - ok
11:21:47.0036 3264  [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
11:21:47.0036 3264  C:\Windows\System32\wbem\esscli.dll - ok
11:21:47.0046 3264  [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
11:21:47.0046 3264  C:\Windows\System32\wbem\wbemsvc.dll - ok
11:21:47.0057 3264  [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
11:21:47.0057 3264  C:\Windows\System32\wbem\wmiutils.dll - ok
11:21:47.0063 3264  [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
11:21:47.0063 3264  C:\Windows\System32\wbem\repdrvfs.dll - ok
11:21:47.0076 3264  [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
11:21:47.0076 3264  C:\Windows\System32\rasadhlp.dll - ok
11:21:47.0085 3264  [ F17D1D393BBC69C5322FBFAFACA28C7F ] C:\Windows\System32\certprop.dll
11:21:47.0085 3264  C:\Windows\System32\certprop.dll - ok
11:21:47.0095 3264  [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
11:21:47.0095 3264  C:\Windows\System32\wdi.dll - ok
11:21:49.0435 3264  C:\Windows\System32\ie4uinit.exe - ok
11:21:49.0446 3264  [ C3E98C42EDF7EF237A4BAB91FEAC7426 ] C:\Windows\System32\iedkcs32.dll
11:21:49.0446 3264  C:\Windows\System32\iedkcs32.dll - ok
11:21:49.0457 3264  [ A618E6E58C787606C4E249D7408B1338 ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\pthreadVC2.dll
11:21:49.0457 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\pthreadVC2.dll - ok
11:21:49.0468 3264  [ 1FCB1A72BF5C784F7358E6BEF38E4571 ] C:\Windows\System32\timedate.cpl
11:21:49.0469 3264  C:\Windows\System32\timedate.cpl - ok
11:21:49.0481 3264  [ D0A40BE95461FC0F0457B3AB7B54ED94 ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\JavaScriptCore.dll
11:21:49.0481 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\JavaScriptCore.dll - ok
11:21:49.0492 3264  [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
11:21:49.0492 3264  C:\Windows\System32\actxprxy.dll - ok
11:21:49.0503 3264  [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
11:21:49.0503 3264  C:\Windows\SysWOW64\winmm.dll - ok
11:21:49.0516 3264  [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
11:21:49.0516 3264  C:\Windows\System32\shdocvw.dll - ok
11:21:49.0529 3264  [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
11:21:49.0529 3264  C:\Windows\System32\linkinfo.dll - ok
11:21:49.0547 3264  [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
11:21:49.0548 3264  C:\Windows\SysWOW64\credssp.dll - ok
11:21:49.0557 3264  [ 4E6B70917F8B454811B2FB55C5C51A71 ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libcurl.dll
11:21:49.0557 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libcurl.dll - ok
11:21:49.0569 3264  [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
11:21:49.0569 3264  C:\Windows\System32\msftedit.dll - ok
11:21:49.0582 3264  [ 92807A14BFF8509216D650E076B7146E ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libeay32.dll
11:21:49.0582 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libeay32.dll - ok
11:21:49.0595 3264  [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
11:21:49.0596 3264  C:\Windows\System32\msls31.dll - ok
11:21:49.0603 3264  [ BCE2A71224A345B558078FB31F1068CA ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\ssleay32.dll
11:21:49.0603 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\ssleay32.dll - ok
11:21:49.0615 3264  [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
11:21:49.0615 3264  C:\Windows\System32\DeviceCenter.dll - ok
11:21:49.0626 3264  [ 29C81875332F7084321C3A82A9A7BF9F ] C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
11:21:49.0626 3264  C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe - ok
11:21:49.0639 3264  [ CFF84E167E27327D66E6D06BDC23C907 ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
11:21:49.0639 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll - ok
11:21:49.0655 3264  [ AD039BD721859550F23064D42E7DDA44 ] C:\Users\NotNick\AppData\Roaming\uTorrent\uTorrent.exe
11:21:49.0655 3264  C:\Users\NotNick\AppData\Roaming\uTorrent\uTorrent.exe - ok
11:21:49.0663 3264  [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
11:21:49.0663 3264  C:\Windows\System32\networkexplorer.dll - ok
11:21:49.0674 3264  [ 5343A19C618BC515CEB1695586C6C137 ] C:\Windows\SysWOW64\msvbvm60.dll
11:21:49.0674 3264  C:\Windows\SysWOW64\msvbvm60.dll - ok
11:21:49.0685 3264  [ 4CB7CEE3F7540B0BEDBD158D75F06509 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
11:21:49.0685 3264  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - ok
11:21:49.0696 3264  [ 16C484268AFE34B6573A88AAFC455811 ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
11:21:49.0697 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll - ok
11:21:49.0707 3264  [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll
11:21:49.0707 3264  C:\Windows\SysWOW64\comdlg32.dll - ok
11:21:49.0718 3264  [ 8608FB2C0383CDECD405E2611F04ED68 ] C:\Windows\SysWOW64\atiadlxy.dll
11:21:49.0718 3264  C:\Windows\SysWOW64\atiadlxy.dll - ok
11:21:49.0732 3264  [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
11:21:49.0732 3264  C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
11:21:49.0741 3264  [ C71E7ABB1A34E56CE73AE117C8DD566F ] C:\Windows\System32\ieframe.dll
11:21:49.0741 3264  C:\Windows\System32\ieframe.dll - ok
11:21:49.0752 3264  [ 368B2BEE3F88BFB883D2C74A258DE6F6 ] C:\Windows\AppPatch\AcLayers.dll
11:21:49.0752 3264  C:\Windows\AppPatch\AcLayers.dll - ok
11:21:49.0763 3264  [ 1E09DFA4048196C9D3CC40C485A39422 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
11:21:49.0763 3264  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe - ok
11:21:49.0779 3264  [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll
11:21:49.0779 3264  C:\Windows\System32\mscoree.dll - ok
11:21:49.0785 3264  [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
11:21:49.0785 3264  C:\Windows\SysWOW64\winspool.drv - ok
11:21:49.0797 3264  [ 667224FF4FD48B182F574AA96E93267C ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
11:21:49.0797 3264  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
11:21:49.0809 3264  [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
11:21:49.0809 3264  C:\Windows\SysWOW64\msimg32.dll - ok
11:21:49.0820 3264  [ 3DBEAEE8645FAF1232CE464C2CAC12EF ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
11:21:49.0820 3264  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll - ok
11:21:49.0831 3264  [ 088CF5B6380FB9002F2A4246F812225D ] C:\Windows\SysWOW64\asycfilt.dll
11:21:49.0831 3264  C:\Windows\SysWOW64\asycfilt.dll - ok
11:21:49.0842 3264  [ AD31942BDF3D594C404874613BC2FE4D ] C:\Windows\System32\SearchIndexer.exe
11:21:49.0842 3264  C:\Windows\System32\SearchIndexer.exe - ok
11:21:49.0848 3264  [ 6C597496AB646EB9F31C68241050F771 ] C:\Windows\System32\tquery.dll
11:21:49.0848 3264  C:\Windows\System32\tquery.dll - ok
11:21:49.0859 3264  [ 017F5CE9BC2333FE0FB738B0A9C13C2F ] C:\Windows\System32\mssrch.dll
11:21:49.0859 3264  C:\Windows\System32\mssrch.dll - ok
11:21:49.0870 3264  [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
11:21:49.0870 3264  C:\Windows\System32\drprov.dll - ok
11:21:49.0879 3264  [ 3504B34CD2DE00BA3CC1A195F1B739BD ] C:\Windows\System32\gameux.dll
11:21:49.0880 3264  C:\Windows\System32\gameux.dll - ok
11:21:49.0887 3264  [ 3F50200237961034FACE602373838980 ] C:\Windows\SysWOW64\FirewallAPI.dll
11:21:49.0887 3264  C:\Windows\SysWOW64\FirewallAPI.dll - ok
11:21:49.0898 3264  [ CB21CD39637AC13F3455454B2F648257 ] C:\Windows\System32\msvcr100_clr0400.dll
11:21:49.0898 3264  C:\Windows\System32\msvcr100_clr0400.dll - ok
11:21:49.0909 3264  [ 104A1070E90F1C530328E69B49718841 ] C:\Windows\SysWOW64\nlaapi.dll
11:21:49.0909 3264  C:\Windows\SysWOW64\nlaapi.dll - ok
11:21:49.0919 3264  [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
11:21:49.0919 3264  C:\Windows\SysWOW64\NapiNSP.dll - ok
11:21:49.0935 3264  [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
11:21:49.0935 3264  C:\Windows\SysWOW64\pnrpnsp.dll - ok
11:21:49.0942 3264  [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
11:21:49.0942 3264  C:\Windows\SysWOW64\winrnr.dll - ok
11:21:49.0953 3264  [ D63F0353F632FB1EDE724173BE6DB5B5 ] C:\Windows\System32\esent.dll
11:21:49.0953 3264  C:\Windows\System32\esent.dll - ok
11:21:49.0966 3264  [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
11:21:49.0966 3264  C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
11:21:49.0976 3264  [ 6383C60EC0133B14F5705F96369421B2 ] C:\Windows\SysWOW64\hnetcfg.dll
11:21:49.0976 3264  C:\Windows\SysWOW64\hnetcfg.dll - ok
11:21:49.0987 3264  [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
11:21:49.0988 3264  C:\Windows\System32\stobject.dll - ok
11:21:49.0999 3264  [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\SysWOW64\atl.dll
11:21:50.0000 3264  C:\Windows\SysWOW64\atl.dll - ok
11:21:50.0010 3264  [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\SysWOW64\npmproxy.dll
11:21:50.0010 3264  C:\Windows\SysWOW64\npmproxy.dll - ok
11:21:50.0023 3264  [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
11:21:50.0023 3264  C:\Windows\System32\batmeter.dll - ok
11:21:50.0032 3264  [ 635958B47D579344DC023AE324E05B43 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\5eeca24ada8f0fed132d1450c01f880a\mscorlib.ni.dll
11:21:50.0032 3264  C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\5eeca24ada8f0fed132d1450c01f880a\mscorlib.ni.dll - ok
11:21:50.0042 3264  [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
11:21:50.0042 3264  C:\Windows\System32\ntlanman.dll - ok
11:21:50.0052 3264  [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
11:21:50.0052 3264  C:\Windows\SysWOW64\riched20.dll - ok
11:21:50.0063 3264  [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
11:21:50.0063 3264  C:\Windows\System32\davclnt.dll - ok
11:21:50.0076 3264  [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
11:21:50.0076 3264  C:\Windows\System32\davhlpr.dll - ok
11:21:50.0090 3264  [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
11:21:50.0090 3264  C:\Windows\System32\msidle.dll - ok
11:21:50.0098 3264  [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
11:21:50.0098 3264  C:\Windows\System32\msiltcfg.dll - ok
11:21:50.0111 3264  [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
11:21:50.0111 3264  C:\Windows\System32\prnfldr.dll - ok
11:21:50.0121 3264  [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
11:21:50.0121 3264  C:\Windows\System32\mssprxy.dll - ok
11:21:50.0132 3264  [ 1CBF15FDB0310345A68972EB5C5B948F ] C:\Windows\SysWOW64\mssprxy.dll
11:21:50.0132 3264  C:\Windows\SysWOW64\mssprxy.dll - ok
11:21:50.0142 3264  [ 71603E3987CCBE3BC5F1F577AD3A0A84 ] C:\Users\NotNick\Desktop\minerd.exe
11:21:50.0142 3264  C:\Users\NotNick\Desktop\minerd.exe - ok
11:21:50.0153 3264  [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
11:21:50.0153 3264  C:\Windows\System32\DXP.dll - ok
11:21:50.0169 3264  [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
11:21:50.0169 3264  C:\Windows\System32\en-US\tquery.dll.mui - ok
11:21:50.0176 3264  [ 42BE6B74C7C49D105573CD333E2AC6D8 ] C:\Program Files\CCleaner\CCleaner64.exe
11:21:50.0176 3264  C:\Program Files\CCleaner\CCleaner64.exe - ok
11:21:50.0188 3264  [ F040037B149FD0F5A5044AE563390FA7 ] C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:21:50.0188 3264  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe - ok
11:21:50.0195 3264  [ 54A47F6B5E09A77E61649109C6A08866 ] C:\Windows\SysWOW64\svchost.exe
11:21:50.0195 3264  C:\Windows\SysWOW64\svchost.exe - ok
11:21:50.0206 3264  [ 9217D874131AE6FF8F642F124F00A555 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:21:50.0206 3264  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe - ok
11:21:50.0219 3264  [ D88040F816FDA31C3B466F0FA0918F29 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:21:50.0219 3264  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - ok
11:21:50.0230 3264  [ D1CEEA2B47CB998321C579651CE3E4F8 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:21:50.0230 3264  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe - ok
11:21:50.0241 3264  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:21:50.0242 3264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
11:21:50.0253 3264  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:21:50.0253 3264  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - ok
11:21:50.0264 3264  [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\SysWOW64\dllhost.exe
11:21:50.0265 3264  C:\Windows\SysWOW64\dllhost.exe - ok
11:21:50.0275 3264  [ C4002B6B41975F057D98C439030CEA07 ] C:\Windows\ehome\ehrecvr.exe
11:21:50.0275 3264  C:\Windows\ehome\ehrecvr.exe - ok
11:21:50.0285 3264  [ 4705E8EF9934482C5BB488CE28AFC681 ] C:\Windows\ehome\ehsched.exe
11:21:50.0285 3264  C:\Windows\ehome\ehsched.exe - ok
11:21:50.0296 3264  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
11:21:50.0296 3264  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe - ok
11:21:50.0307 3264  [ 4374B2528BCBB8F95FB12CC6C8FF0773 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
11:21:50.0307 3264  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll - ok
11:21:50.0319 3264  [ 1CF03C69B49ACB70C722DF92755C0C8C ] C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:21:50.0319 3264  C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - ok
11:21:50.0329 3264  [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
11:21:50.0330 3264  C:\Windows\System32\Syncreg.dll - ok
11:21:50.0340 3264  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:21:50.0340 3264  C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe - ok
11:21:50.0351 3264  [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
11:21:50.0351 3264  C:\Windows\ehome\ehSSO.dll - ok
11:21:50.0359 3264  [ 852D67A27E454BD389FA7F02A8CBE23F ] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
11:21:50.0359 3264  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - ok
11:21:50.0370 3264  [ 836B8F87DC42AD95D4FE95BD1E374DF2 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
11:21:50.0370 3264  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll - ok
11:21:50.0381 3264  [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
11:21:50.0381 3264  C:\Windows\System32\AltTab.dll - ok
11:21:50.0391 3264  [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
11:21:50.0391 3264  C:\Windows\System32\ActionCenter.dll - ok
11:21:50.0402 3264  [ 825BF0E46B4470A463AEB641480C5FCA ] C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:21:50.0402 3264  C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe - ok
11:21:50.0413 3264  [ EEE470F2A771FC0B543BDEEF74FCECA0 ] C:\Windows\SysWOW64\msiexec.exe
11:21:50.0413 3264  C:\Windows\SysWOW64\msiexec.exe - ok
11:21:50.0424 3264  [ D22CD77D4F0D63D1169BB35911BFF12D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:21:50.0424 3264  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe - ok
11:21:50.0435 3264  [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
11:21:50.0435 3264  C:\Windows\System32\FXSST.dll - ok
11:21:50.0445 3264  [ 6D137963730144698CBD10F202E9F251 ] C:\Windows\System32\wersvc.dll
11:21:50.0445 3264  C:\Windows\System32\wersvc.dll - ok
11:21:50.0456 3264  [ EC322186D8FCE3D632F3F597D67747DD ] C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
11:21:50.0456 3264  C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe - ok
11:21:50.0466 3264  [ E495E408C93141E8FC72DC0C6046DDFA ] C:\Windows\SysWOW64\perfhost.exe
11:21:50.0467 3264  C:\Windows\SysWOW64\perfhost.exe - ok
11:21:50.0477 3264  [ 8784236EED5079493DA9FC95B28B89F8 ] C:\Windows\System32\WerFault.exe
11:21:50.0477 3264  C:\Windows\System32\WerFault.exe - ok
11:21:50.0487 3264  [ F5AAA8CDDA25B6387AF590D676D25BAD ] C:\Windows\SysWOW64\TCPSVCS.EXE
11:21:50.0488 3264  C:\Windows\SysWOW64\TCPSVCS.EXE - ok
11:21:50.0498 3264  [ F152755F131ADFE452D534F4E9383590 ] C:\Windows\System32\Faultrep.dll
11:21:50.0498 3264  C:\Windows\System32\Faultrep.dll - ok
11:21:50.0509 3264  [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
11:21:50.0509 3264  C:\Windows\System32\FXSAPI.dll - ok
11:21:50.0520 3264  [ 16A7E1A301267CD3D10BBAD1314F9009 ] C:\Program Files (x86)\Common Files\Steam\SteamService.exe
11:21:50.0520 3264  C:\Program Files (x86)\Common Files\Steam\SteamService.exe - ok
11:21:50.0531 3264  [ 574F49708811ED34DB860188FC0B3450 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c6dbe316570cf378d1a33ffdb62ee83f\System.ni.dll
11:21:50.0531 3264  C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c6dbe316570cf378d1a33ffdb62ee83f\System.ni.dll - ok
11:21:50.0542 3264  [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
11:21:50.0542 3264  C:\Windows\System32\SensApi.dll - ok
11:21:50.0554 3264  [ 9BF787638F80B1C9B244640EC88B146F ] C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
11:21:50.0554 3264  C:\Program Files\Oracle\VirtualBox\VirtualBox.exe - ok
11:21:50.0565 3264  [ BB676D2C7AD5E7131D12417E4691F9B9 ] C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
11:21:50.0565 3264  C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe - ok
11:21:50.0577 3264  [ 773212B2AAA24C1E31F10246B15B276C ] C:\Windows\servicing\TrustedInstaller.exe
11:21:50.0577 3264  C:\Windows\servicing\TrustedInstaller.exe - ok
11:21:50.0587 3264  [ 5CF95B35E59E2A38023836FFF31BE64C ] C:\Windows\SysWOW64\drivers\wimmount.sys
11:21:50.0588 3264  C:\Windows\SysWOW64\drivers\wimmount.sys - ok
11:21:50.0598 3264  [ 622D95520182F6D3D05310D5810CA8B3 ] C:\Windows\SysWOW64\SearchIndexer.exe
11:21:50.0598 3264  C:\Windows\SysWOW64\SearchIndexer.exe - ok
11:21:50.0605 3264  [ 459BBFB53B8721624E4CCEAC16A505C2 ] C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
11:21:50.0605 3264  C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll - ok
11:21:50.0617 3264  [ FB659A1B94E43D1B26B5D24F73A2CA93 ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
11:21:50.0618 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll - ok
11:21:50.0629 3264  [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
11:21:50.0630 3264  C:\Windows\System32\FXSRESM.dll - ok
11:21:50.0640 3264  [ F48A4FD8EE5951C7D4CC9B7B1608C8B6 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\98c139c6c6dfeff5eba1e3c07c8d898e\System.Drawing.ni.dll
11:21:50.0641 3264  C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\98c139c6c6dfeff5eba1e3c07c8d898e\System.Drawing.ni.dll - ok
11:21:50.0652 3264  [ 7CBFC2B05F91E2725F29055C7A6D3C5B ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
11:21:50.0652 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll - ok
11:21:50.0664 3264  [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
11:21:50.0664 3264  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
11:21:50.0675 3264  [ 0114F28CFAA28FC676E985C06D6B01D7 ] C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
11:21:50.0675 3264  C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll - ok
11:21:50.0686 3264  [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
11:21:50.0686 3264  C:\Windows\System32\netshell.dll - ok
11:21:50.0698 3264  [ 87010EBFE663BA6443BA5B40BE1769DA ] C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
11:21:50.0698 3264  C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll - ok
11:21:50.0709 3264  [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
11:21:50.0710 3264  C:\Windows\SysWOW64\ExplorerFrame.dll - ok
11:21:50.0721 3264  [ 0F503D796EE6A1F70A9EEB5054319BA2 ] C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
11:21:50.0721 3264  C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll - ok
11:21:50.0733 3264  [ A02AAB839EE19D32C919E66B8E71B80D ] C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
11:21:50.0733 3264  C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll - ok
11:21:50.0744 3264  [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\80860059.sys
11:21:50.0744 3264  C:\Windows\System32\drivers\80860059.sys - ok
11:21:50.0755 3264  [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
11:21:50.0755 3264  C:\Windows\System32\pnidui.dll - ok
11:21:50.0765 3264  [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
11:21:50.0765 3264  C:\Windows\SysWOW64\duser.dll - ok
11:21:50.0776 3264  [ F733391EF57B2E5A42A06ED64ACF6440 ] C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
11:21:50.0776 3264  C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll - ok
11:21:50.0787 3264  [ 0CE4D3BD306DA6D1F6F233C403F5B667 ] C:\Windows\SysWOW64\msi.dll
11:21:50.0787 3264  C:\Windows\SysWOW64\msi.dll - ok
11:21:50.0797 3264  [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
11:21:50.0797 3264  C:\Windows\SysWOW64\dui70.dll - ok
11:21:50.0807 3264  [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
11:21:50.0807 3264  C:\Windows\System32\QUTIL.DLL - ok
11:21:50.0818 3264  [ F380682F24410D82FAF4FEEA8041A67A ] C:\Windows\System32\IPBusEnumProxy.dll
11:21:50.0818 3264  C:\Windows\System32\IPBusEnumProxy.dll - ok
11:21:50.0829 3264  [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
11:21:50.0830 3264  C:\Windows\SysWOW64\dwmapi.dll - ok
11:21:50.0840 3264  [ 7BF5EA753D4CC056B9462A02AC51B160 ] C:\Windows\SysWOW64\xmllite.dll
11:21:50.0840 3264  C:\Windows\SysWOW64\xmllite.dll - ok
11:21:50.0852 3264  [ 3A16EA01FCFAAB40882DB5BFEE632322 ] C:\Windows\SysWOW64\msftedit.dll
11:21:50.0852 3264  C:\Windows\SysWOW64\msftedit.dll - ok
11:21:50.0858 3264  [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
11:21:50.0858 3264  C:\Windows\System32\WPDShServiceObj.dll - ok
11:21:50.0869 3264  [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
11:21:50.0869 3264  C:\Windows\System32\PortableDeviceTypes.dll - ok
11:21:50.0880 3264  [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\SysWOW64\msls31.dll
11:21:50.0880 3264  C:\Windows\SysWOW64\msls31.dll - ok
11:21:50.0890 3264  [ 01300E303C7A5426FC21C479CE3E1B18 ] C:\Users\NotNick\Desktop\RogueKillerX64.exe
11:21:50.0890 3264  C:\Users\NotNick\Desktop\RogueKillerX64.exe - ok
11:21:50.0900 3264  [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\SysWOW64\linkinfo.dll
11:21:50.0901 3264  C:\Windows\SysWOW64\linkinfo.dll - ok
11:21:50.0911 3264  [ 6581B52E133CC6D00661C58968C7E212 ] C:\Windows\SysWOW64\SearchFolder.dll
11:21:50.0911 3264  C:\Windows\SysWOW64\SearchFolder.dll - ok
11:21:50.0922 3264  [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
11:21:50.0922 3264  C:\Windows\System32\bthprops.cpl - ok
11:21:50.0932 3264  [ 6A1E8DEB746912DF47CF651E138401D7 ] C:\Windows\SysWOW64\StructuredQuery.dll
11:21:50.0933 3264  C:\Windows\SysWOW64\StructuredQuery.dll - ok
11:21:50.0943 3264  [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
11:21:50.0943 3264  C:\Windows\System32\srchadmin.dll - ok
11:21:50.0954 3264  [ 285354B4C28567054F9E382EAC540D05 ] C:\Windows\SysWOW64\mssvp.dll
11:21:50.0954 3264  C:\Windows\SysWOW64\mssvp.dll - ok
11:21:50.0967 3264  [ B77E2893CFD6755622219B7779F0674D ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\835734fd00fb5b939b40a8005673bf27\System.Runtime.Remoting.ni.dll
11:21:50.0967 3264  C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\835734fd00fb5b939b40a8005673bf27\System.Runtime.Remoting.ni.dll - ok
11:21:50.0978 3264  [ B0F69B9DE0AEBFD7E4CEADE6758DF627 ] C:\Windows\System32\SearchFolder.dll
11:21:50.0978 3264  C:\Windows\System32\SearchFolder.dll - ok
11:21:50.0989 3264  [ 0819EF7DB96DAB8AC3DACE567ED1B99E ] C:\Windows\System32\werui.dll
11:21:50.0989 3264  C:\Windows\System32\werui.dll - ok
11:21:50.0999 3264  [ 672D7C5080ACB003343006405DA2E621 ] C:\Windows\SysWOW64\thumbcache.dll
11:21:50.0999 3264  C:\Windows\SysWOW64\thumbcache.dll - ok
11:21:51.0009 3264  [ 850BD2D2D9CB5894935C3B6333CAD6FD ] C:\Windows\System32\riched20.dll
11:21:51.0009 3264  C:\Windows\System32\riched20.dll - ok
11:21:51.0020 3264  [ 8BC9DB92C4B2F3BE89185BEAB2AFC1F6 ] C:\Windows\SysWOW64\mapi32.dll
11:21:51.0020 3264  C:\Windows\SysWOW64\mapi32.dll - ok
11:21:51.0030 3264  [ 3D57FFBAD3ED16B63DE3879BAB0FB56F ] C:\Windows\SysWOW64\networkexplorer.dll
11:21:51.0030 3264  C:\Windows\SysWOW64\networkexplorer.dll - ok
11:21:51.0040 3264  [ 0B2D65FDDE31069299AA6330F359FF9C ] C:\Windows\System32\msxml3.dll
11:21:51.0040 3264  C:\Windows\System32\msxml3.dll - ok
11:21:51.0051 3264  [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
11:21:51.0051 3264  C:\Windows\System32\shfolder.dll - ok
11:21:51.0061 3264  [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
11:21:51.0062 3264  C:\Windows\System32\wbem\NCProv.dll - ok
11:21:51.0073 3264  [ 74CDE657245C114B98816E89B8D4CCD1 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
11:21:51.0073 3264  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe - ok
11:21:51.0084 3264  [ DB16A7C0A453F7E220A5F29E42572FD8 ] C:\Windows\AppPatch\AppPatch64\AcGenral.dll
11:21:51.0084 3264  C:\Windows\AppPatch\AppPatch64\AcGenral.dll - ok
11:21:51.0095 3264  [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\SysWOW64\samcli.dll
11:21:51.0095 3264  C:\Windows\SysWOW64\samcli.dll - ok
11:21:51.0106 3264  [ C8C937D647F82ABD94FE9E84B2D4CA74 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\8ba8df1eee51f27863f8994f219e4fed\System.Windows.Forms.ni.dll
11:21:51.0106 3264  C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\8ba8df1eee51f27863f8994f219e4fed\System.Windows.Forms.ni.dll - ok
11:21:51.0113 3264  [ C30A3E5DEEEBA22E782AC54C5AF5F352 ] C:\Windows\SysWOW64\samlib.dll
11:21:51.0113 3264  C:\Windows\SysWOW64\samlib.dll - ok
11:21:51.0123 3264  [ D6692338B985D4A0CA52B828314D897D ] C:\Windows\SysWOW64\drprov.dll
11:21:51.0124 3264  C:\Windows\SysWOW64\drprov.dll - ok
11:21:51.0134 3264  [ D7B7159BC8374E87D8C45A30377A3440 ] C:\Windows\SysWOW64\ntlanman.dll
11:21:51.0134 3264  C:\Windows\SysWOW64\ntlanman.dll - ok
11:21:51.0145 3264  [ 990EA3103E06D68CE0E755A9C3D70107 ] C:\Windows\System32\dbgeng.dll
11:21:51.0145 3264  C:\Windows\System32\dbgeng.dll - ok
11:21:51.0155 3264  [ 284B59D7B56FC76C80E622AB856B1FAB ] C:\Windows\SysWOW64\davclnt.dll
11:21:51.0155 3264  C:\Windows\SysWOW64\davclnt.dll - ok
11:21:51.0165 3264  [ 179BECE8D1A4C488DDB7191FF9BE3FB0 ] C:\Windows\SysWOW64\davhlpr.dll
11:21:51.0165 3264  C:\Windows\SysWOW64\davhlpr.dll - ok
11:21:51.0176 3264  [ 145642B84939D50AFDA2D6163406CCED ] C:\Windows\SysWOW64\networkitemfactory.dll
11:21:51.0176 3264  C:\Windows\SysWOW64\networkitemfactory.dll - ok
11:21:51.0186 3264  [ 0795AAF84172C2E3B605CCB3A6E91D4A ] C:\Windows\SysWOW64\dtsh.dll
11:21:51.0186 3264  C:\Windows\SysWOW64\dtsh.dll - ok
11:21:51.0196 3264  [ 181F69BC9C406B7FB5C0ADE8031630AC ] C:\Windows\SysWOW64\wpdshext.dll
11:21:51.0196 3264  C:\Windows\SysWOW64\wpdshext.dll - ok
11:21:52.0237 3264  ============================================================
11:21:52.0237 3264  Scan finished
11:21:52.0237 3264  ============================================================
11:21:52.0258 3632  Detected object count: 6
11:21:52.0258 3632  Actual detected object count: 6
11:22:38.0276 3632  C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe - copied to quarantine
11:22:38.0277 3632  DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:22:38.0315 3632  C:\Windows\system32\epmntdrv.sys - copied to quarantine
11:22:38.0315 3632  epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:22:38.0339 3632  C:\Windows\system32\EuGdiDrv.sys - copied to quarantine
11:22:38.0340 3632  EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:22:38.0405 3632  C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
11:22:38.0406 3632  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:22:38.0406 3632  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
11:22:38.0407 3632  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:22:38.0434 3632  C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe - copied to quarantine
11:22:38.0435 3632  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
 

Also HijackThis continues to detect around 30 threats, here's that log as well:

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 10:55:52
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : NotNick - NOTNICK-PC
# Boot Mode : Normal
# Running from : C:\Users\NotNick\Desktop\adwcleaner(2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\NotNick\AppData\Local\Conduit
Folder Deleted : C:\Users\NotNick\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\NotNick\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1807 octets] - [28/05/2013 10:55:52]

########## EOF - C:\AdwCleaner[S1].txt - [1867 octets] ##########
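
The result lines that close the TDSSKiller log above can be tabulated to see which objects were acted on and why; this is an added example, not part of the original post and not TDSSKiller's own code. It assumes the line layout seen in this log, and reading `UnsignedFile.` verdicts as signature-check heuristics is an assumption drawn from the verdict name.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Result lines copied from the TDSSKiller log in the post above.
SAMPLE_LOG = r"""
11:21:52.0258 3632  Detected object count: 6
11:21:52.0258 3632  Actual detected object count: 6
11:22:38.0276 3632  C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe - copied to quarantine
11:22:38.0277 3632  DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:22:38.0315 3632  C:\Windows\system32\epmntdrv.sys - copied to quarantine
11:22:38.0315 3632  epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:22:38.0339 3632  C:\Windows\system32\EuGdiDrv.sys - copied to quarantine
11:22:38.0340 3632  EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:22:38.0405 3632  C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
11:22:38.0406 3632  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:22:38.0406 3632  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
11:22:38.0407 3632  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:22:38.0434 3632  C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe - copied to quarantine
11:22:38.0435 3632  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

# "HH:MM:SS.ffff <thread id>  <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
QUARANTINED = re.compile(r"^([A-Za-z]:\\.+) - copied to quarantine$")
ACTION = re.compile(r"^(.+?) \( ([^()]+) \) - User select action: (\w+)$")


@dataclass
class Detection:
    name: str            # service or object name as logged
    verdict: str         # e.g. UnsignedFile.Multi.Generic
    action: str          # Quarantine, Skip, ...
    path: Optional[str]  # file copied to quarantine, if any

    @property
    def heuristic_only(self) -> bool:
        # Assumption: an "UnsignedFile." verdict reports a missing or
        # unverified signature, not a match against a named malware family.
        return self.verdict.startswith("UnsignedFile.")


def parse_results(log: str) -> Tuple[Optional[int], List[Detection]]:
    """Return (count reported by the tool, parsed detections)."""
    reported: Optional[int] = None
    pending_path: Optional[str] = None
    detections: List[Detection] = []
    for raw in log.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if (c := COUNT.match(msg)):
            reported = int(c.group(1))
        elif (q := QUARANTINED.match(msg)):
            # The path line precedes the action line for the same object.
            pending_path = q.group(1)
        elif (a := ACTION.match(msg)):
            name, verdict, action = a.groups()
            path = pending_path if action == "Quarantine" else None
            detections.append(Detection(name, verdict.strip(), action, path))
            pending_path = None
    return reported, detections


def triage(log: str) -> dict:
    """Summarise what was acted on and what deserves a second look."""
    reported, dets = parse_results(log)
    return {
        "reported": reported,
        "parsed": len(dets),
        "count_matches": reported == len(dets),
        "quarantined_on_heuristic": [
            d.name for d in dets if d.action == "Quarantine" and d.heuristic_only
        ],
        "skipped": [d.name for d in dets if d.action == "Skip"],
        "drivers_quarantined": [
            d.path for d in dets if d.path and d.path.lower().endswith(".sys")
        ],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
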



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:26 PM

Posted 29 May 2013 - 07:47 AM


Let's continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#6 nasdaq

Posted 04 June 2013 - 09:12 AM

Are you still with me?

#7 ihackedthegibson

Posted 06 June 2013 - 09:57 AM

Are you still with me?

I ran ComboFix for 6 hours and it wasn't even halfway through scanning my C drive.



#8 nasdaq

Posted 06 June 2013 - 10:10 AM

This tool should run faster.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users.
  • Under the Custom Scan box, paste in the text below:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs. DO NOT ATTACH THEM.

#9 ihackedthegibson

Posted 06 June 2013 - 11:09 AM

OTL.txt:

OTL logfile created on: 6/6/2013 8:44:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\NotNick\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 82.99% Memory free
15.72 Gb Paging File | 14.38 Gb Available in Paging File | 91.49% Paging File free
Paging file location(s): c:\pagefile.sys 12000 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.96 Gb Total Space | 6.31 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive F: | 48.16 Gb Total Space | 32.93 Gb Free Space | 68.36% Space Free | Partition Type: EXT3
Drive K: | 244.96 Gb Total Space | 6.31 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive V: | 162.61 Gb Total Space | 5.50 Gb Free Space | 3.38% Space Free | Partition Type: EXT3
 
Computer Name: NOTNICK-PC | User Name: NotNick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/06 08:36:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NotNick\Desktop\OTL(1).exe
PRC - [2013/06/04 08:42:36 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\bin\rubyw.exe
PRC - [2013/06/04 08:42:34 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\bin\rubyw.exe
PRC - [2013/05/29 11:10:31 | 000,176,128 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
PRC - [2013/05/29 11:10:30 | 009,184,240 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
PRC - [2013/05/29 11:10:30 | 000,510,464 | ---- | M] () -- C:\Program Files\pia_manager\openvpn.exe
PRC - [2013/05/16 01:40:52 | 000,339,968 | ---- | M] (g10 Code GmbH) -- C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe
PRC - [2013/05/16 01:40:52 | 000,304,128 | ---- | M] (g10 Code GmbH) -- C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
PRC - [2013/04/17 06:09:20 | 000,635,392 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/04 08:42:39 | 000,027,648 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2013/06/04 08:42:37 | 000,274,944 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
MOD - [2013/06/04 08:42:37 | 000,126,976 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2013/06/04 08:42:37 | 000,120,832 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
MOD - [2013/06/04 08:42:37 | 000,118,784 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
MOD - [2013/06/04 08:42:37 | 000,094,208 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2013/06/04 08:42:37 | 000,087,552 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2013/06/04 08:42:37 | 000,036,352 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
MOD - [2013/06/04 08:42:37 | 000,029,184 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2013/06/04 08:42:37 | 000,026,624 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
MOD - [2013/06/04 08:42:37 | 000,023,552 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
MOD - [2013/06/04 08:42:37 | 000,015,360 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
MOD - [2013/06/04 08:42:37 | 000,014,848 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2013/06/04 08:42:37 | 000,012,800 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2013/06/04 08:42:37 | 000,009,728 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
MOD - [2013/06/04 08:42:37 | 000,009,216 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2013/06/04 08:42:37 | 000,008,704 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
MOD - [2013/06/04 08:42:37 | 000,008,704 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
MOD - [2013/06/04 08:42:37 | 000,008,704 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
MOD - [2013/06/04 08:42:37 | 000,008,704 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
MOD - [2013/06/04 08:42:37 | 000,008,192 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
MOD - [2013/06/04 08:42:36 | 002,163,940 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\bin\libeay32-1.0.0-msvcrt.dll
MOD - [2013/06/04 08:42:36 | 000,459,458 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\bin\ssleay32-1.0.0-msvcrt.dll
MOD - [2013/06/04 08:42:36 | 000,104,448 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\bin\ZLIB1.dll
MOD - [2013/06/04 08:42:36 | 000,094,208 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrCCF3.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2013/06/04 08:42:35 | 000,126,976 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2013/06/04 08:42:35 | 000,094,208 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2013/06/04 08:42:35 | 000,087,552 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2013/06/04 08:42:35 | 000,029,184 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2013/06/04 08:42:35 | 000,027,648 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2013/06/04 08:42:35 | 000,014,848 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2013/06/04 08:42:35 | 000,012,800 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2013/06/04 08:42:35 | 000,009,728 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
MOD - [2013/06/04 08:42:35 | 000,009,216 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2013/06/04 08:42:34 | 000,094,208 | ---- | M] () -- C:\Users\NotNick\AppData\Local\Temp\ocrC600.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2013/05/29 11:10:33 | 000,059,904 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
MOD - [2013/05/29 11:10:31 | 001,234,944 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
MOD - [2013/05/29 11:10:31 | 001,198,592 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
MOD - [2013/05/29 11:10:31 | 000,815,104 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
MOD - [2013/05/29 11:10:31 | 000,745,472 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
MOD - [2013/05/29 11:10:31 | 000,642,048 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
MOD - [2013/05/29 11:10:31 | 000,511,488 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
MOD - [2013/05/29 11:10:31 | 000,344,064 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
MOD - [2013/05/29 11:10:31 | 000,290,816 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
MOD - [2013/05/29 11:10:31 | 000,176,128 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
MOD - [2013/05/29 11:10:30 | 009,184,240 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
MOD - [2013/05/29 11:10:30 | 000,510,464 | ---- | M] () -- C:\Program Files\pia_manager\openvpn.exe
MOD - [2013/05/29 11:10:30 | 000,376,832 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
MOD - [2013/05/29 11:10:30 | 000,217,088 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
MOD - [2013/05/29 11:10:30 | 000,200,704 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
MOD - [2013/05/29 11:10:30 | 000,184,320 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
MOD - [2013/05/29 11:10:30 | 000,090,112 | ---- | M] () -- C:\Program Files\pia_manager\lzo2.dll
MOD - [2013/05/16 01:26:16 | 000,627,712 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
MOD - [2013/05/16 01:25:26 | 000,221,184 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
MOD - [2013/05/16 01:25:14 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
MOD - [2013/05/16 01:22:48 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
MOD - [2013/05/16 01:21:10 | 000,050,176 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
MOD - [2013/04/29 03:22:14 | 000,247,747 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\libexpat.dll
MOD - [2013/04/17 06:09:20 | 000,635,392 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/24 12:46:40 | 002,122,224 | ---- | M] (GlavSoft LLC.) [Auto | Stopped] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV:64bit: - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/12/19 12:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/05 12:29:08 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/24 12:48:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/24 11:26:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/16 01:31:22 | 000,218,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/25 19:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2011/12/15 10:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2013/06/05 04:57:02 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013/05/11 00:23:31 | 000,041,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys -- (ERmvrDrv)
DRV:64bit: - [2013/04/12 11:41:28 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/31 02:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/12/19 13:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 12:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 04:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/10 20:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/04/13 11:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/04/13 11:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/15 10:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/09 02:32:08 | 000,769,816 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/01 12:09:50 | 000,224,488 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2010/07/01 12:09:50 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/07 09:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/10/05 13:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 B4 D7 84 C2 BB CD 01  [binary data]
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "*"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.http: "*"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "*"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "*"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/05 14:41:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/11/08 22:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Extensions
[2012/11/06 12:34:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\extensions
[2012/11/06 12:34:05 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/05/29 10:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions
[2013/02/25 22:52:27 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/05/29 10:39:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/26 04:36:15 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/09 09:17:30 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/09 09:07:46 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/05/09 22:26:07 | 000,010,316 | ---- | M] () -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\searchplugins\duckduckgo.xml
[2013/05/24 12:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/24 12:48:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\NotNick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamlnbcjjkcgabjgbhdkjncianpaah\12.44960_0\
CHR - Extension: AdBlock = C:\Users\NotNick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found
O4 - HKU\S-1-5-21-2960442759-1352089658-152752919-1000..\Run: [uTorrent] C:\Users\NotNick\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B9460B-E16A-49E5-A94E-2164CB3AC71D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C7B7D8D-E19E-4E93-98E1-2602D4DD4877}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7008BB09-C8F3-4271-B5A6-824D822D53C6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B73E5525-1257-46C6-8EA1-E98F511D1F02}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL:  -  - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/06 08:36:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NotNick\Desktop\OTL(1).exe
[2013/06/05 14:41:41 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\Thunderbird
[2013/06/05 14:41:40 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Thunderbird
[2013/06/05 14:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/06/05 04:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2013/06/04 19:45:47 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\TightVNC
[2013/06/04 19:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
[2013/06/04 19:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2013/06/04 19:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TightVNC
[2013/06/04 01:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.1
[2013/06/04 01:31:11 | 000,000,000 | ---D | C] -- C:\Python31
[2013/06/03 16:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX420 series
[2013/06/03 16:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2013/06/03 16:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/06/03 16:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013/06/03 16:03:46 | 000,315,392 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC420L.dll
[2013/06/03 16:03:46 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC420U.dll
[2013/06/03 16:03:46 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2013/06/03 16:03:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX
[2013/06/03 16:03:08 | 000,366,592 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNMNPPM.DLL
[2013/06/03 16:03:08 | 000,359,936 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6PPM.DLL
[2013/06/03 16:03:08 | 000,039,424 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6UI.DLL
[2013/06/03 16:03:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2013/06/03 16:02:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/06/03 16:02:45 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013/06/03 16:02:31 | 000,248,320 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMIUAM.DLL
[2013/06/03 16:02:19 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/06/03 14:50:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/03 14:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2013/06/03 14:39:57 | 000,000,000 | ---D | C] -- C:\Windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
[2013/05/29 23:33:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/29 22:00:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/29 22:00:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/29 22:00:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/29 22:00:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/29 22:00:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/29 13:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
[2013/05/29 13:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\HexChat
[2013/05/29 11:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013/05/29 11:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Maker
[2013/05/29 00:41:01 | 000,000,000 | R--D | C] -- C:\Users\NotNick\Documents\Scanned Documents
[2013/05/29 00:41:00 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Fax
[2013/05/28 12:55:36 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/05/28 12:55:36 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/05/28 12:55:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/05/28 12:55:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/05/28 12:49:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/28 12:49:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/28 12:49:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/28 12:49:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/28 12:49:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/28 12:49:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/28 12:49:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/28 12:49:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/28 12:49:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/28 12:49:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/28 12:49:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/28 12:49:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/28 12:49:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/28 12:49:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/28 12:49:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/28 12:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/05/28 12:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/05/28 11:36:41 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\NotNick\Desktop\dds(1).com
[2013/05/28 11:24:22 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\ElevatedDiagnostics
[2013/05/28 11:15:24 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\NotNick\Desktop\tdsskiller(1).exe
[2013/05/28 11:06:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/28 10:49:20 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\RK_Quarantine
[2013/05/28 10:42:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\NotNick\Desktop\JRT.exe
[2013/05/28 01:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OWASP
[2013/05/28 01:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OWASP
[2013/05/27 08:08:04 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\GNU
[2013/05/27 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\.kde
[2013/05/27 08:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
[2013/05/27 08:01:54 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\gnupg
[2013/05/27 08:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GNU
[2013/05/27 08:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2013/05/26 22:26:28 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\uTorrent
[2013/05/26 05:58:24 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/05/26 05:58:24 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/05/26 05:58:23 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/26 05:58:23 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/26 05:58:12 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/26 05:58:12 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/26 05:58:11 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/26 05:58:11 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/26 05:58:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/26 05:58:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/26 05:57:59 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/26 05:57:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/26 05:57:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/26 05:57:58 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/26 05:57:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rndismpx.sys
[2013/05/26 05:57:52 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/05/26 05:57:52 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/26 05:57:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/05/26 05:57:48 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/05/26 05:57:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/05/26 05:57:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/05/26 05:57:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/05/26 05:57:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/05/26 05:57:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/05/26 05:57:46 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/05/26 05:57:33 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/05/26 05:57:32 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/26 05:57:32 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/26 05:57:31 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/26 05:57:31 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/26 05:57:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/26 05:57:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/26 04:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/26 04:00:04 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/05/26 04:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/05/26 03:55:23 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\GrantPerms
[2013/05/26 03:54:28 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\getservice
[2013/05/26 02:27:24 | 005,075,099 | R--- | C] (Swearware) -- C:\Users\NotNick\Desktop\ComboFix.exe
[2013/05/26 02:19:00 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\NotNick\Desktop\procexp.exe
[2013/05/25 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\NotNick\wireshark
[2013/05/25 15:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2013/05/25 15:57:33 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\ManyCam
[2013/05/25 15:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2013/05/25 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\ManyCam
[2013/05/25 15:57:24 | 000,044,928 | ---- | C] (ManyCam LLC) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys
[2013/05/25 15:56:05 | 000,519,304 | ---- | C] (Ask Partner Network) -- C:\Users\NotNick\Documents\APNSetup1.exe
[2013/05/25 15:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/05/25 15:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2013/05/24 21:08:55 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/05/24 21:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/05/24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pidgin-otr
[2013/05/24 20:45:25 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\.purple
[2013/05/24 20:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2013/05/24 20:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sapphire TRIXX
[2013/05/24 12:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/24 12:39:40 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\cgminer-3.1.0-windows
[2013/05/24 11:46:09 | 013,946,234 | ---- | C] (MSI Co., LTD                                                ) -- C:\Users\NotNick\Desktop\MSI_Kombustor_Setup_2.5.0.exe
[2013/05/24 11:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/05/24 11:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/05/24 11:09:25 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\cgminer-3.1.1-windows
[2013/05/24 08:05:51 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\Apple Computer
[2013/05/24 08:05:50 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Titanium
[2013/05/24 08:05:50 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Apple Computer
[2013/05/24 08:05:29 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
[2013/05/24 08:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\pia_manager
[2013/05/11 02:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/11 01:43:38 | 000,000,000 | ---D | C] -- C:\Users\NotNick\kaminanda
[2013/05/10 17:27:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Netwide Assembler 2.10.07
[2013/05/10 17:27:12 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\nasm
[2013/05/10 17:26:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Subversion
[2013/05/10 16:12:22 | 001,045,128 | ---- | C] (Microsoft Corporation) -- C:\Users\NotNick\Desktop\dbghelp.dll
[2013/05/10 00:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013/05/10 00:07:01 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Downloads
[2013/05/10 00:06:59 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\HexChat
[2013/05/09 19:54:51 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Untitledr
[2013/05/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Videos
[2013/05/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Podcasts
[2013/05/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Music
[2013/05/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Audiobooks
[2013/05/09 16:24:27 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\gtk-2.0
[2013/05/09 16:20:45 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\.cache
[2013/05/09 16:20:23 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\banshee-1
[2013/05/09 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[8 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\NotNick\*.tmp files -> C:\Users\NotNick\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/06 08:41:01 | 000,000,600 | ---- | M] () -- C:\Users\NotNick\AppData\Local\PUTTY.RND
[2013/06/06 08:40:00 | 000,000,218 | ---- | M] () -- C:\Users\NotNick\AppData\Local\recently-used.xbel
[2013/06/06 08:36:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NotNick\Desktop\OTL(1).exe
[2013/06/06 08:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/06 08:04:49 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 08:04:49 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/05 14:41:48 | 000,002,110 | ---- | M] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/06/05 14:41:37 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013/06/05 07:26:24 | 000,669,481 | ---- | M] () -- C:\Users\NotNick\Desktop\KERNELBASE.udd
[2013/06/05 07:26:24 | 000,079,061 | ---- | M] () -- C:\Users\NotNick\Desktop\ChromeSetup.udd
[2013/06/05 07:26:24 | 000,007,490 | ---- | M] () -- C:\Users\NotNick\Desktop\ollydbg.ini
[2013/06/05 07:26:24 | 000,000,157 | ---- | M] () -- C:\Users\NotNick\Desktop\ntdll.udd
[2013/06/05 05:33:52 | 000,005,899 | ---- | M] () -- C:\Users\NotNick\Desktop\test.asm
[2013/06/05 04:57:06 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013/06/05 04:57:02 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013/06/05 04:33:41 | 000,079,060 | ---- | M] () -- C:\Users\NotNick\Desktop\ChromeSetup.bak
[2013/06/04 15:07:15 | 000,718,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/04 15:07:15 | 000,612,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/04 15:07:15 | 000,110,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/04 13:08:11 | 000,319,542 | ---- | M] () -- C:\Users\NotNick\Desktop\IEDiag.cab
[2013/06/04 01:40:38 | 000,007,788 | ---- | M] () -- C:\Users\NotNick\Desktop\test.py
[2013/06/03 23:52:30 | 000,002,935 | ---- | M] () -- C:\Users\NotNick\Desktop\nig.py
[2013/06/03 21:56:17 | 000,000,820 | ---- | M] () -- C:\Users\NotNick\Desktop\nig1.py
[2013/06/03 16:03:48 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2013/06/03 14:49:04 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013/06/03 14:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 14:48:10 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/30 04:50:13 | 448,372,736 | ---- | M] () -- C:\Users\NotNick\Documents\capture-18.camrec
[2013/05/30 04:49:43 | 000,005,632 | ---- | M] () -- C:\Users\NotNick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/29 22:13:08 | 005,075,099 | R--- | M] (Swearware) -- C:\Users\NotNick\Desktop\ComboFix.exe
[2013/05/29 11:55:24 | 000,001,060 | ---- | M] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2013/05/29 11:55:24 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013/05/28 14:48:03 | 286,887,936 | ---- | M] () -- C:\Users\NotNick\Documents\capture-17.camrec
[2013/05/28 14:06:19 | 000,272,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/28 13:21:23 | 000,785,994 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/28 10:42:45 | 000,632,031 | ---- | M] () -- C:\Users\NotNick\Desktop\adwcleaner(2).exe
[2013/05/28 10:42:41 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\NotNick\Desktop\JRT.exe
[2013/05/28 10:42:33 | 000,791,040 | ---- | M] () -- C:\Users\NotNick\Desktop\RogueKillerX64.exe
[2013/05/28 09:40:27 | 129,818,624 | ---- | M] () -- C:\Users\NotNick\Documents\capture-15.camrec
[2013/05/28 09:40:25 | 129,818,624 | ---- | M] () -- C:\Users\NotNick\Documents\capture-16.camrec
[2013/05/28 01:03:11 | 000,002,034 | ---- | M] () -- C:\Users\NotNick\Desktop\OWASP ZAP 2.1.0.lnk
[2013/05/26 22:28:16 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/26 22:28:16 | 000,000,835 | ---- | M] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/05/26 05:10:27 | 000,258,842 | ---- | M] () -- C:\Users\NotNick\Documents\cc_20130526_051023.reg
[2013/05/26 04:22:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/26 04:00:04 | 000,002,985 | ---- | M] () -- C:\Users\NotNick\Desktop\HiJackThis.lnk
[2013/05/26 02:43:18 | 000,000,000 | ---- | M] () -- C:\Users\NotNick\defogger_reenable
[2013/05/26 02:27:36 | 000,062,565 | ---- | M] () -- C:\Users\NotNick\Documents\Vba32ArkitLog.html
[2013/05/26 02:27:36 | 000,008,040 | ---- | M] () -- C:\Users\NotNick\Documents\Vba32ArkitLog.zip
[2013/05/26 02:17:54 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\NotNick\Desktop\dds(1).com
[2013/05/26 02:17:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\NotNick\Desktop\tdsskiller(1).exe
[2013/05/26 00:05:55 | 000,001,326 | ---- | M] () -- C:\Users\NotNick\Documents\gfd.reg
[2013/05/26 00:02:48 | 000,001,604 | ---- | M] () -- C:\Users\NotNick\Documents\asdf.reg
[2013/05/26 00:02:27 | 000,001,414 | ---- | M] () -- C:\Users\NotNick\Documents\gfhf.reg
[2013/05/25 15:57:53 | 000,001,101 | ---- | M] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/05/25 15:57:53 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/05/24 22:08:06 | 000,000,000 | ---- | M] () -- C:\Users\NotNick\test.py
[2013/05/24 22:08:06 | 000,000,000 | ---- | M] () -- C:\Users\NotNick\%WinDir%
[2013/05/24 22:08:06 | 000,000,000 | ---- | M] () -- C:\Users\NotNick\%temp%
[2013/05/24 11:52:09 | 000,001,086 | ---- | M] () -- C:\Users\NotNick\Desktop\MSI Afterburner.lnk
[2013/05/24 11:26:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/24 11:26:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/24 07:11:59 | 000,000,289 | ---- | M] () -- C:\Users\NotNick\Desktop\cfg.json
[2013/05/23 18:37:34 | 000,011,515 | ---- | M] () -- C:\Users\NotNick\Desktop\report.html
[2013/05/11 00:23:31 | 000,041,328 | ---- | M] () -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys
[2013/05/10 17:27:12 | 000,001,906 | ---- | M] () -- C:\Users\NotNick\Desktop\nasm.lnk
[2013/05/10 15:51:52 | 000,207,687 | ---- | M] () -- C:\Users\NotNick\Desktop\peel.py
[2013/05/10 00:17:56 | 159,243,728 | ---- | M] () -- C:\Users\NotNick\Documents\capture-15.avi
[2013/05/09 19:32:19 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Install Microsoft Mouse and Keyboard Center.lnk
[2013/05/09 16:06:17 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/09 09:41:32 | 000,047,164 | ---- | M] () -- C:\Users\NotNick\Desktop\Untitled.png
[2013/05/09 09:40:23 | 000,039,559 | ---- | M] () -- C:\Users\NotNick\Untitled.png
[2013/05/09 09:21:19 | 005,439,488 | ---- | M] () -- C:\Users\NotNick\Desktop\bbb.dat
[8 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\NotNick\*.tmp files -> C:\Users\NotNick\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/06 08:40:00 | 000,000,218 | ---- | C] () -- C:\Users\NotNick\AppData\Local\recently-used.xbel
[2013/06/05 14:41:37 | 000,002,110 | ---- | C] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/06/05 14:41:37 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013/06/05 14:41:37 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013/06/05 07:26:24 | 000,669,481 | ---- | C] () -- C:\Users\NotNick\Desktop\KERNELBASE.udd
[2013/06/05 07:26:24 | 000,000,157 | ---- | C] () -- C:\Users\NotNick\Desktop\ntdll.udd
[2013/06/05 05:02:35 | 000,005,899 | ---- | C] () -- C:\Users\NotNick\Desktop\test.asm
[2013/06/05 04:33:41 | 000,079,061 | ---- | C] () -- C:\Users\NotNick\Desktop\ChromeSetup.udd
[2013/06/05 04:33:41 | 000,079,060 | ---- | C] () -- C:\Users\NotNick\Desktop\ChromeSetup.bak
[2013/06/05 04:28:07 | 000,007,490 | ---- | C] () -- C:\Users\NotNick\Desktop\ollydbg.ini
[2013/06/05 03:42:08 | 000,011,515 | ---- | C] () -- C:\Users\NotNick\Desktop\report.html
[2013/06/04 13:08:11 | 000,319,542 | ---- | C] () -- C:\Users\NotNick\Desktop\IEDiag.cab
[2013/06/04 03:47:15 | 000,078,116 | ---- | C] () -- C:\Users\NotNick\Desktop\start.exe
[2013/06/04 01:33:35 | 000,007,788 | ---- | C] () -- C:\Users\NotNick\Desktop\test.py
[2013/06/03 21:56:17 | 000,000,820 | ---- | C] () -- C:\Users\NotNick\Desktop\nig1.py
[2013/06/03 21:43:18 | 000,002,935 | ---- | C] () -- C:\Users\NotNick\Desktop\nig.py
[2013/06/03 16:03:48 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2013/06/03 16:03:46 | 000,015,104 | ---- | C] () -- C:\Windows\SysWow64\CNC174FD.TBL
[2013/05/30 04:49:59 | 448,372,736 | ---- | C] () -- C:\Users\NotNick\Documents\capture-18.camrec
[2013/05/29 22:00:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/29 22:00:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/29 22:00:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/29 22:00:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/29 22:00:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/29 12:01:48 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013/05/28 14:47:55 | 286,887,936 | ---- | C] () -- C:\Users\NotNick\Documents\capture-17.camrec
[2013/05/28 10:58:13 | 000,272,872 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/28 10:42:28 | 000,791,040 | ---- | C] () -- C:\Users\NotNick\Desktop\RogueKillerX64.exe
[2013/05/28 10:42:22 | 000,632,031 | ---- | C] () -- C:\Users\NotNick\Desktop\adwcleaner(2).exe
[2013/05/28 09:40:19 | 129,818,624 | ---- | C] () -- C:\Users\NotNick\Documents\capture-16.camrec
[2013/05/28 09:40:16 | 129,818,624 | ---- | C] () -- C:\Users\NotNick\Documents\capture-15.camrec
[2013/05/28 01:03:11 | 000,002,034 | ---- | C] () -- C:\Users\NotNick\Desktop\OWASP ZAP 2.1.0.lnk
[2013/05/26 22:28:16 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/26 22:28:16 | 000,000,835 | ---- | C] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/05/26 05:10:25 | 000,258,842 | ---- | C] () -- C:\Users\NotNick\Documents\cc_20130526_051023.reg
[2013/05/26 04:22:16 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/26 04:00:04 | 000,002,985 | ---- | C] () -- C:\Users\NotNick\Desktop\HiJackThis.lnk
[2013/05/26 02:43:18 | 000,000,000 | ---- | C] () -- C:\Users\NotNick\defogger_reenable
[2013/05/26 02:19:00 | 000,072,154 | ---- | C] () -- C:\Users\NotNick\Desktop\procexp.chm
[2013/05/26 00:25:28 | 000,062,565 | ---- | C] () -- C:\Users\NotNick\Documents\Vba32ArkitLog.html
[2013/05/26 00:25:28 | 000,008,040 | ---- | C] () -- C:\Users\NotNick\Documents\Vba32ArkitLog.zip
[2013/05/26 00:05:55 | 000,001,326 | ---- | C] () -- C:\Users\NotNick\Documents\gfd.reg
[2013/05/26 00:02:48 | 000,001,604 | ---- | C] () -- C:\Users\NotNick\Documents\asdf.reg
[2013/05/26 00:02:27 | 000,001,414 | ---- | C] () -- C:\Users\NotNick\Documents\gfhf.reg
[2013/05/25 15:57:53 | 000,001,101 | ---- | C] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/05/25 15:57:53 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/05/24 22:36:45 | 000,000,000 | ---- | C] () -- C:\Users\NotNick\%temp%
[2013/05/24 22:10:01 | 000,000,000 | ---- | C] () -- C:\Users\NotNick\%WinDir%
[2013/05/24 22:08:06 | 000,000,000 | ---- | C] () -- C:\Users\NotNick\test.py
[2013/05/24 20:45:10 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2013/05/24 11:52:09 | 000,001,086 | ---- | C] () -- C:\Users\NotNick\Desktop\MSI Afterburner.lnk
[2013/05/24 11:46:09 | 009,180,976 | ---- | C] () -- C:\Users\NotNick\Desktop\MSIAfterburnerSetup231.exe
[2013/05/11 00:23:31 | 000,041,328 | ---- | C] () -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys
[2013/05/10 19:34:43 | 000,798,720 | ---- | C] () -- C:\Windows\yasm.exe
[2013/05/10 17:27:12 | 000,001,906 | ---- | C] () -- C:\Users\NotNick\Desktop\nasm.lnk
[2013/05/10 16:12:35 | 001,117,696 | ---- | C] () -- C:\Users\NotNick\Desktop\OLLYDBG.EXE
[2013/05/10 16:12:22 | 000,063,488 | ---- | C] () -- C:\Users\NotNick\Desktop\Cmdline.dll
[2013/05/10 16:12:22 | 000,055,808 | ---- | C] () -- C:\Users\NotNick\Desktop\BOOKMARK.DLL
[2013/05/10 15:51:50 | 000,207,687 | ---- | C] () -- C:\Users\NotNick\Desktop\peel.py
[2013/05/10 00:21:27 | 159,243,728 | ---- | C] () -- C:\Users\NotNick\Documents\capture-15.avi
[2013/05/10 00:20:09 | 000,001,060 | ---- | C] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2013/05/10 00:20:09 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013/05/09 19:32:19 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Install Microsoft Mouse and Keyboard Center.lnk
[2013/05/09 16:06:17 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/09 09:40:23 | 000,039,559 | ---- | C] () -- C:\Users\NotNick\Untitled.png
[2013/05/09 09:21:15 | 005,439,488 | ---- | C] () -- C:\Users\NotNick\Desktop\bbb.dat
[2013/04/01 03:00:18 | 000,802,816 | ---- | C] () -- C:\Users\NotNick\__db.005
[2013/04/01 03:00:18 | 000,270,336 | ---- | C] () -- C:\Users\NotNick\__db.003
[2013/04/01 03:00:18 | 000,212,992 | ---- | C] () -- C:\Users\NotNick\__db.002
[2013/04/01 03:00:18 | 000,163,840 | ---- | C] () -- C:\Users\NotNick\__db.004
[2013/04/01 03:00:18 | 000,049,152 | ---- | C] () -- C:\Users\NotNick\__db.006
[2013/04/01 03:00:18 | 000,024,576 | ---- | C] () -- C:\Users\NotNick\__db.001
[2013/04/01 02:58:50 | 000,802,816 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.005
[2013/04/01 02:58:50 | 000,270,336 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.003
[2013/04/01 02:58:50 | 000,212,992 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.002
[2013/04/01 02:58:50 | 000,163,840 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.004
[2013/04/01 02:58:50 | 000,049,152 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.006
[2013/04/01 02:58:50 | 000,024,576 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.001
[2013/03/16 17:37:27 | 010,485,760 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\log.0000000001
[2013/03/16 17:34:43 | 010,485,760 | ---- | C] () -- C:\Users\NotNick\log.0000000001
[2013/01/18 04:25:41 | 000,326,747 | ---- | C] () -- C:\Users\NotNick\SatoshiRoller - Copy.wallet
[2013/01/17 19:57:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/01/05 11:42:44 | 008,151,040 | ---- | C] () -- C:\Users\NotNick\wallet.dat
[2013/01/04 16:28:48 | 000,876,544 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\wallet1.dat
[2013/01/03 03:23:22 | 000,005,632 | ---- | C] () -- C:\Users\NotNick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/02 22:30:27 | 000,009,758 | ---- | C] () -- C:\Users\NotNick\secring.gpg
[2013/01/02 22:30:27 | 000,007,856 | ---- | C] () -- C:\Users\NotNick\gpg.conf
[2013/01/02 22:30:27 | 000,004,442 | ---- | C] () -- C:\Users\NotNick\pubring.gpg~
[2013/01/02 22:30:27 | 000,004,442 | ---- | C] () -- C:\Users\NotNick\pubring.gpg
[2013/01/02 22:30:27 | 000,001,360 | ---- | C] () -- C:\Users\NotNick\trustdb.gpg
[2013/01/02 22:30:27 | 000,000,600 | ---- | C] () -- C:\Users\NotNick\random_seed
[2013/01/02 22:29:50 | 000,006,710 | ---- | C] () -- C:\Users\NotNick\nick-privkey.asc
[2013/01/02 22:29:50 | 000,003,109 | ---- | C] () -- C:\Users\NotNick\nick-pubkey.asc
[2012/12/31 14:07:50 | 000,000,111 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\profiles.ini
[2012/12/18 08:05:40 | 000,001,049 | ---- | C] () -- C:\Users\NotNick\Documents - Shortcut.lnk
[2012/12/18 07:45:41 | 000,007,596 | ---- | C] () -- C:\Users\NotNick\AppData\Local\resmon.resmoncfg
[2012/12/17 20:26:17 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/12/17 20:26:17 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/12/17 20:26:17 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/12/17 20:26:17 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/12/17 20:26:17 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/11/27 22:23:46 | 000,000,600 | ---- | C] () -- C:\Users\NotNick\AppData\Local\PUTTY.RND
[2012/11/11 15:29:25 | 000,000,095 | ---- | C] () -- C:\Users\NotNick\AppData\Local\fusioncache.dat
[2012/11/07 10:41:59 | 000,785,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/05 19:21:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/28 12:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/07/03 22:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/03 22:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/27 08:08:39 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\.kde
[2012/12/28 01:49:10 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\.minecraft
[2013/06/06 08:40:31 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\.purple
[2013/01/10 01:23:28 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Arduino
[2013/05/25 00:35:26 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\banshee-1
[2013/05/27 08:31:52 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Bitcoin
[2012/12/31 14:07:50 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Crash Reports
[2013/05/26 04:26:56 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\FileZilla
[2013/06/04 04:27:01 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\gnupg
[2013/06/06 08:39:59 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\HexChat
[2013/06/04 23:51:24 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Litecoin
[2012/11/05 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\LolClient
[2013/05/25 15:58:15 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\ManyCam
[2013/02/01 23:17:36 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\NetBeans
[2012/11/20 21:37:01 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Notepad++
[2012/11/21 22:47:15 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\poclbm
[2012/11/19 11:42:43 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\PowerISO
[2013/05/09 13:45:32 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\PPCoin
[2012/12/31 14:07:50 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Profiles
[2013/05/10 17:26:13 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Subversion
[2013/01/03 03:57:10 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\TechSmith
[2013/06/05 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Thunderbird
[2013/06/04 19:45:47 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\TightVNC
[2013/05/24 08:05:50 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Titanium
[2013/05/09 15:07:26 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\TrueCrypt
[2013/06/04 10:07:18 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\uTorrent
[2012/12/01 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)

< End of report >
 



#10 nasdaq

  • Malware Response Team

Posted 06 June 2013 - 12:51 PM

We will remove these items from the registry.

Run OTL - Double-click OTL.exe to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
CHR - Extension: Ask Toolbar = C:\Users\NotNick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamlnbcjjkcgabjgbhdkjncianpaah\12.44960_0\
O3 - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21 - SSODL:  -  - No CLSID value found.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Please close all running programs and run the DDS tool one more time.
Do not enable these options this time.
#Option Extended Search is enabled.
#Option Whitelisting is disabled.

===

While I check your logs run this on-line scan.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double-click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#11 ihackedthegibson

  • Topic Starter

Posted 06 June 2013 - 01:23 PM

OTL:

OTL logfile created on: 6/6/2013 10:56:04 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\NotNick\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 49.18% Memory free
15.72 Gb Paging File | 12.63 Gb Available in Paging File | 80.33% Paging File free
Paging file location(s): c:\pagefile.sys 12000 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.96 Gb Total Space | 5.70 Gb Free Space | 2.33% Space Free | Partition Type: NTFS
Drive F: | 48.16 Gb Total Space | 32.93 Gb Free Space | 68.36% Space Free | Partition Type: EXT3
Drive K: | 244.96 Gb Total Space | 5.70 Gb Free Space | 2.33% Space Free | Partition Type: NTFS
Drive V: | 162.61 Gb Total Space | 5.50 Gb Free Space | 3.38% Space Free | Partition Type: EXT3
 
Computer Name: NOTNICK-PC | User Name: NotNick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
SRV:64bit: - [2012/12/19 12:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/05 12:29:08 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/24 12:48:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/24 11:26:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/16 01:31:22 | 000,218,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/25 19:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2011/12/15 10:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2013/06/05 04:57:02 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013/05/11 00:23:31 | 000,041,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys -- (ERmvrDrv)
DRV:64bit: - [2013/04/12 11:41:28 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/31 02:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/12/19 13:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 12:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 04:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/10 20:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/04/13 11:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/04/13 11:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/15 10:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/09 02:32:08 | 000,769,816 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/01 12:09:50 | 000,224,488 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2010/07/01 12:09:50 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/07 09:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/10/05 13:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 B4 D7 84 C2 BB CD 01  [binary data]
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2960442759-1352089658-152752919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "94.102.50.58"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.http: "94.102.50.58"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, en.lichess.org, kernelmode.info, 4chan.org, itschessti.me, whatismyipaddress.com, 64.31.48.46"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "94.102.50.58"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "94.102.50.58"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/05 14:41:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/11/08 22:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Extensions
[2012/11/06 12:34:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\extensions
[2012/11/06 12:34:05 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/05/29 10:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions
[2013/02/25 22:52:27 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/05/29 10:39:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/26 04:36:15 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/09 09:17:30 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/09 09:07:46 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/05/09 22:26:07 | 000,010,316 | ---- | M] () -- C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\searchplugins\duckduckgo.xml
[2013/05/24 12:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/24 12:48:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\NotNick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found
O4 - HKU\S-1-5-21-2960442759-1352089658-152752919-1000..\Run: [uTorrent] C:\Users\NotNick\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B9460B-E16A-49E5-A94E-2164CB3AC71D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C7B7D8D-E19E-4E93-98E1-2602D4DD4877}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7008BB09-C8F3-4271-B5A6-824D822D53C6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B73E5525-1257-46C6-8EA1-E98F511D1F02}: DhcpNameServer = 8.8.8.8 8.8.4.4
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL:  -  - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/06 10:55:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/06 08:36:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NotNick\Desktop\OTL(1).exe
[2013/06/05 14:41:41 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\Thunderbird
[2013/06/05 14:41:40 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Thunderbird
[2013/06/05 14:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/06/05 04:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2013/06/04 19:45:47 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\TightVNC
[2013/06/04 19:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
[2013/06/04 19:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2013/06/04 19:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TightVNC
[2013/06/04 01:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.1
[2013/06/04 01:31:11 | 000,000,000 | ---D | C] -- C:\Python31
[2013/06/03 16:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX420 series
[2013/06/03 16:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2013/06/03 16:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/06/03 16:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013/06/03 16:03:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX
[2013/06/03 16:03:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2013/06/03 16:02:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/06/03 16:02:45 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013/06/03 16:02:19 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/06/03 14:50:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/03 14:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2013/06/03 14:39:57 | 000,000,000 | ---D | C] -- C:\Windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
[2013/05/29 23:33:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/29 22:00:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/29 22:00:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/29 22:00:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/29 22:00:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/29 22:00:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/29 13:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
[2013/05/29 13:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\HexChat
[2013/05/29 11:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013/05/29 11:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Maker
[2013/05/29 00:41:01 | 000,000,000 | R--D | C] -- C:\Users\NotNick\Documents\Scanned Documents
[2013/05/29 00:41:00 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Fax
[2013/05/28 12:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/05/28 12:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/05/28 11:36:41 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\NotNick\Desktop\dds(1).com
[2013/05/28 11:24:22 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\ElevatedDiagnostics
[2013/05/28 11:15:24 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\NotNick\Desktop\tdsskiller(1).exe
[2013/05/28 11:06:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/28 10:49:20 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\RK_Quarantine
[2013/05/28 10:42:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\NotNick\Desktop\JRT.exe
[2013/05/28 01:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OWASP
[2013/05/28 01:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OWASP
[2013/05/27 08:08:04 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\GNU
[2013/05/27 08:07:42 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\.kde
[2013/05/27 08:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
[2013/05/27 08:01:54 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\gnupg
[2013/05/27 08:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GNU
[2013/05/27 08:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2013/05/26 22:26:28 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\uTorrent
[2013/05/26 04:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/26 04:00:04 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/05/26 04:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/05/26 03:55:23 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\GrantPerms
[2013/05/26 03:54:28 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\getservice
[2013/05/26 02:27:24 | 005,075,099 | R--- | C] (Swearware) -- C:\Users\NotNick\Desktop\ComboFix.exe
[2013/05/26 02:19:00 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\NotNick\Desktop\procexp.exe
[2013/05/25 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\NotNick\wireshark
[2013/05/25 15:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2013/05/25 15:57:33 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\ManyCam
[2013/05/25 15:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2013/05/25 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\ManyCam
[2013/05/25 15:57:24 | 000,044,928 | ---- | C] (ManyCam LLC) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys
[2013/05/25 15:56:05 | 000,519,304 | ---- | C] (Ask Partner Network) -- C:\Users\NotNick\Documents\APNSetup1.exe
[2013/05/25 15:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/05/25 15:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2013/05/24 21:08:55 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/05/24 21:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2013/05/24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pidgin-otr
[2013/05/24 20:45:25 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\.purple
[2013/05/24 20:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2013/05/24 20:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sapphire TRIXX
[2013/05/24 12:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/24 12:39:40 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\cgminer-3.1.0-windows
[2013/05/24 11:46:09 | 013,946,234 | ---- | C] (MSI Co., LTD                                                ) -- C:\Users\NotNick\Desktop\MSI_Kombustor_Setup_2.5.0.exe
[2013/05/24 11:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/05/24 11:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/05/24 11:09:25 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Desktop\cgminer-3.1.1-windows
[2013/05/24 08:05:51 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\Apple Computer
[2013/05/24 08:05:50 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Titanium
[2013/05/24 08:05:50 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Apple Computer
[2013/05/24 08:05:29 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
[2013/05/24 08:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\pia_manager
[2013/05/11 02:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/11 01:43:38 | 000,000,000 | ---D | C] -- C:\Users\NotNick\kaminanda
[2013/05/10 17:27:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Netwide Assembler 2.10.07
[2013/05/10 17:27:12 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\nasm
[2013/05/10 17:26:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\Subversion
[2013/05/10 00:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013/05/10 00:07:01 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Downloads
[2013/05/10 00:06:59 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\HexChat
[2013/05/09 19:54:51 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Untitledr
[2013/05/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Videos
[2013/05/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Podcasts
[2013/05/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Music
[2013/05/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\Audiobooks
[2013/05/09 16:24:27 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Local\gtk-2.0
[2013/05/09 16:20:45 | 000,000,000 | ---D | C] -- C:\Users\NotNick\Documents\.cache
[2013/05/09 16:20:23 | 000,000,000 | ---D | C] -- C:\Users\NotNick\AppData\Roaming\banshee-1
[2013/05/09 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[8 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\NotNick\*.tmp files -> C:\Users\NotNick\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/06 10:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/06 10:04:49 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 10:04:49 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 08:41:01 | 000,000,600 | ---- | M] () -- C:\Users\NotNick\AppData\Local\PUTTY.RND
[2013/06/06 08:40:00 | 000,000,218 | ---- | M] () -- C:\Users\NotNick\AppData\Local\recently-used.xbel
[2013/06/06 08:36:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NotNick\Desktop\OTL(1).exe
[2013/06/05 14:41:48 | 000,002,110 | ---- | M] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/06/05 14:41:37 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013/06/05 07:26:24 | 000,669,481 | ---- | M] () -- C:\Users\NotNick\Desktop\KERNELBASE.udd
[2013/06/05 07:26:24 | 000,079,061 | ---- | M] () -- C:\Users\NotNick\Desktop\ChromeSetup.udd
[2013/06/05 07:26:24 | 000,007,490 | ---- | M] () -- C:\Users\NotNick\Desktop\ollydbg.ini
[2013/06/05 07:26:24 | 000,000,157 | ---- | M] () -- C:\Users\NotNick\Desktop\ntdll.udd
[2013/06/05 05:33:52 | 000,005,899 | ---- | M] () -- C:\Users\NotNick\Desktop\test.asm
[2013/06/05 04:57:06 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013/06/05 04:57:02 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013/06/05 04:33:41 | 000,079,060 | ---- | M] () -- C:\Users\NotNick\Desktop\ChromeSetup.bak
[2013/06/04 15:07:15 | 000,718,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/04 15:07:15 | 000,612,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/04 15:07:15 | 000,110,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/04 13:08:11 | 000,319,542 | ---- | M] () -- C:\Users\NotNick\Desktop\IEDiag.cab
[2013/06/04 01:40:38 | 000,007,788 | ---- | M] () -- C:\Users\NotNick\Desktop\test.py
[2013/06/03 23:52:30 | 000,002,935 | ---- | M] () -- C:\Users\NotNick\Desktop\nig.py
[2013/06/03 21:56:17 | 000,000,820 | ---- | M] () -- C:\Users\NotNick\Desktop\nig1.py
[2013/06/03 16:03:48 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2013/06/03 14:49:04 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013/06/03 14:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 14:48:10 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/30 04:50:13 | 448,372,736 | ---- | M] () -- C:\Users\NotNick\Documents\capture-18.camrec
[2013/05/30 04:49:43 | 000,005,632 | ---- | M] () -- C:\Users\NotNick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/29 22:13:08 | 005,075,099 | R--- | M] (Swearware) -- C:\Users\NotNick\Desktop\ComboFix.exe
[2013/05/29 11:55:24 | 000,001,060 | ---- | M] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2013/05/29 11:55:24 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013/05/28 14:48:03 | 286,887,936 | ---- | M] () -- C:\Users\NotNick\Documents\capture-17.camrec
[2013/05/28 14:06:19 | 000,272,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/28 13:21:23 | 000,785,994 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/28 10:42:45 | 000,632,031 | ---- | M] () -- C:\Users\NotNick\Desktop\adwcleaner(2).exe
[2013/05/28 10:42:41 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\NotNick\Desktop\JRT.exe
[2013/05/28 10:42:33 | 000,791,040 | ---- | M] () -- C:\Users\NotNick\Desktop\RogueKillerX64.exe
[2013/05/28 09:40:27 | 129,818,624 | ---- | M] () -- C:\Users\NotNick\Documents\capture-15.camrec
[2013/05/28 09:40:25 | 129,818,624 | ---- | M] () -- C:\Users\NotNick\Documents\capture-16.camrec
[2013/05/28 01:03:11 | 000,002,034 | ---- | M] () -- C:\Users\NotNick\Desktop\OWASP ZAP 2.1.0.lnk
[2013/05/26 22:28:16 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/26 22:28:16 | 000,000,835 | ---- | M] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/05/26 05:10:27 | 000,258,842 | ---- | M] () -- C:\Users\NotNick\Documents\cc_20130526_051023.reg
[2013/05/26 04:22:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/26 04:00:04 | 000,002,985 | ---- | M] () -- C:\Users\NotNick\Desktop\HiJackThis.lnk
[2013/05/26 02:43:18 | 000,000,000 | ---- | M] () -- C:\Users\NotNick\defogger_reenable
[2013/05/26 02:27:36 | 000,062,565 | ---- | M] () -- C:\Users\NotNick\Documents\Vba32ArkitLog.html
[2013/05/26 02:27:36 | 000,008,040 | ---- | M] () -- C:\Users\NotNick\Documents\Vba32ArkitLog.zip
[2013/05/26 02:17:54 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\NotNick\Desktop\dds(1).com
[2013/05/26 02:17:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\NotNick\Desktop\tdsskiller(1).exe
[2013/05/26 00:05:55 | 000,001,326 | ---- | M] () -- C:\Users\NotNick\Documents\gfd.reg
[2013/05/26 00:02:48 | 000,001,604 | ---- | M] () -- C:\Users\NotNick\Documents\asdf.reg
[2013/05/26 00:02:27 | 000,001,414 | ---- | M] () -- C:\Users\NotNick\Documents\gfhf.reg
[2013/05/25 15:57:53 | 000,001,101 | ---- | M] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/05/25 15:57:53 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/05/24 22:08:06 | 000,000,000 | ---- | M] () -- C:\Users\NotNick\test.py
[2013/05/24 22:08:06 | 000,000,000 | ---- | M] () -- C:\Users\NotNick\%WinDir%
[2013/05/24 22:08:06 | 000,000,000 | ---- | M] () -- C:\Users\NotNick\%temp%
[2013/05/24 11:52:09 | 000,001,086 | ---- | M] () -- C:\Users\NotNick\Desktop\MSI Afterburner.lnk
[2013/05/24 07:11:59 | 000,000,289 | ---- | M] () -- C:\Users\NotNick\Desktop\cfg.json
[2013/05/23 18:37:34 | 000,011,515 | ---- | M] () -- C:\Users\NotNick\Desktop\report.html
[2013/05/11 00:23:31 | 000,041,328 | ---- | M] () -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys
[2013/05/10 17:27:12 | 000,001,906 | ---- | M] () -- C:\Users\NotNick\Desktop\nasm.lnk
[2013/05/10 15:51:52 | 000,207,687 | ---- | M] () -- C:\Users\NotNick\Desktop\peel.py
[2013/05/10 00:17:56 | 159,243,728 | ---- | M] () -- C:\Users\NotNick\Documents\capture-15.avi
[2013/05/09 19:32:19 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Install Microsoft Mouse and Keyboard Center.lnk
[2013/05/09 16:06:17 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/09 09:41:32 | 000,047,164 | ---- | M] () -- C:\Users\NotNick\Desktop\Untitled.png
[2013/05/09 09:40:23 | 000,039,559 | ---- | M] () -- C:\Users\NotNick\Untitled.png
[2013/05/09 09:21:19 | 005,439,488 | ---- | M] () -- C:\Users\NotNick\Desktop\bbb.dat
[8 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\NotNick\*.tmp files -> C:\Users\NotNick\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/06 08:40:00 | 000,000,218 | ---- | C] () -- C:\Users\NotNick\AppData\Local\recently-used.xbel
[2013/06/05 14:41:37 | 000,002,110 | ---- | C] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/06/05 14:41:37 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013/06/05 14:41:37 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013/06/05 07:26:24 | 000,669,481 | ---- | C] () -- C:\Users\NotNick\Desktop\KERNELBASE.udd
[2013/06/05 07:26:24 | 000,000,157 | ---- | C] () -- C:\Users\NotNick\Desktop\ntdll.udd
[2013/06/05 05:02:35 | 000,005,899 | ---- | C] () -- C:\Users\NotNick\Desktop\test.asm
[2013/06/05 04:33:41 | 000,079,061 | ---- | C] () -- C:\Users\NotNick\Desktop\ChromeSetup.udd
[2013/06/05 04:33:41 | 000,079,060 | ---- | C] () -- C:\Users\NotNick\Desktop\ChromeSetup.bak
[2013/06/05 04:28:07 | 000,007,490 | ---- | C] () -- C:\Users\NotNick\Desktop\ollydbg.ini
[2013/06/05 03:42:08 | 000,011,515 | ---- | C] () -- C:\Users\NotNick\Desktop\report.html
[2013/06/04 13:08:11 | 000,319,542 | ---- | C] () -- C:\Users\NotNick\Desktop\IEDiag.cab
[2013/06/04 03:47:15 | 000,078,116 | ---- | C] () -- C:\Users\NotNick\Desktop\start.exe
[2013/06/04 01:33:35 | 000,007,788 | ---- | C] () -- C:\Users\NotNick\Desktop\test.py
[2013/06/03 21:56:17 | 000,000,820 | ---- | C] () -- C:\Users\NotNick\Desktop\nig1.py
[2013/06/03 21:43:18 | 000,002,935 | ---- | C] () -- C:\Users\NotNick\Desktop\nig.py
[2013/06/03 16:03:48 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2013/06/03 16:03:46 | 000,015,104 | ---- | C] () -- C:\Windows\SysWow64\CNC174FD.TBL
[2013/05/30 04:49:59 | 448,372,736 | ---- | C] () -- C:\Users\NotNick\Documents\capture-18.camrec
[2013/05/29 22:00:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/29 22:00:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/29 22:00:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/29 22:00:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/29 22:00:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/29 12:01:48 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013/05/28 14:47:55 | 286,887,936 | ---- | C] () -- C:\Users\NotNick\Documents\capture-17.camrec
[2013/05/28 10:58:13 | 000,272,872 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/28 10:42:28 | 000,791,040 | ---- | C] () -- C:\Users\NotNick\Desktop\RogueKillerX64.exe
[2013/05/28 10:42:22 | 000,632,031 | ---- | C] () -- C:\Users\NotNick\Desktop\adwcleaner(2).exe
[2013/05/28 09:40:19 | 129,818,624 | ---- | C] () -- C:\Users\NotNick\Documents\capture-16.camrec
[2013/05/28 09:40:16 | 129,818,624 | ---- | C] () -- C:\Users\NotNick\Documents\capture-15.camrec
[2013/05/28 01:03:11 | 000,002,034 | ---- | C] () -- C:\Users\NotNick\Desktop\OWASP ZAP 2.1.0.lnk
[2013/05/26 22:28:16 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/05/26 22:28:16 | 000,000,835 | ---- | C] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/05/26 05:10:25 | 000,258,842 | ---- | C] () -- C:\Users\NotNick\Documents\cc_20130526_051023.reg
[2013/05/26 04:22:16 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/26 04:00:04 | 000,002,985 | ---- | C] () -- C:\Users\NotNick\Desktop\HiJackThis.lnk
[2013/05/26 02:43:18 | 000,000,000 | ---- | C] () -- C:\Users\NotNick\defogger_reenable
[2013/05/26 02:19:00 | 000,072,154 | ---- | C] () -- C:\Users\NotNick\Desktop\procexp.chm
[2013/05/26 00:25:28 | 000,062,565 | ---- | C] () -- C:\Users\NotNick\Documents\Vba32ArkitLog.html
[2013/05/26 00:25:28 | 000,008,040 | ---- | C] () -- C:\Users\NotNick\Documents\Vba32ArkitLog.zip
[2013/05/26 00:05:55 | 000,001,326 | ---- | C] () -- C:\Users\NotNick\Documents\gfd.reg
[2013/05/26 00:02:48 | 000,001,604 | ---- | C] () -- C:\Users\NotNick\Documents\asdf.reg
[2013/05/26 00:02:27 | 000,001,414 | ---- | C] () -- C:\Users\NotNick\Documents\gfhf.reg
[2013/05/25 15:57:53 | 000,001,101 | ---- | C] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/05/25 15:57:53 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/05/24 22:36:45 | 000,000,000 | ---- | C] () -- C:\Users\NotNick\%temp%
[2013/05/24 22:10:01 | 000,000,000 | ---- | C] () -- C:\Users\NotNick\%WinDir%
[2013/05/24 22:08:06 | 000,000,000 | ---- | C] () -- C:\Users\NotNick\test.py
[2013/05/24 20:45:10 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2013/05/24 11:52:09 | 000,001,086 | ---- | C] () -- C:\Users\NotNick\Desktop\MSI Afterburner.lnk
[2013/05/24 11:46:09 | 009,180,976 | ---- | C] () -- C:\Users\NotNick\Desktop\MSIAfterburnerSetup231.exe
[2013/05/11 00:23:31 | 000,041,328 | ---- | C] () -- C:\Windows\SysNative\drivers\ERKRmvrDrv.sys
[2013/05/10 19:34:43 | 000,798,720 | ---- | C] () -- C:\Windows\yasm.exe
[2013/05/10 17:27:12 | 000,001,906 | ---- | C] () -- C:\Users\NotNick\Desktop\nasm.lnk
[2013/05/10 16:12:35 | 001,117,696 | ---- | C] () -- C:\Users\NotNick\Desktop\OLLYDBG.EXE
[2013/05/10 16:12:22 | 000,063,488 | ---- | C] () -- C:\Users\NotNick\Desktop\Cmdline.dll
[2013/05/10 16:12:22 | 000,055,808 | ---- | C] () -- C:\Users\NotNick\Desktop\BOOKMARK.DLL
[2013/05/10 15:51:50 | 000,207,687 | ---- | C] () -- C:\Users\NotNick\Desktop\peel.py
[2013/05/10 00:21:27 | 159,243,728 | ---- | C] () -- C:\Users\NotNick\Documents\capture-15.avi
[2013/05/10 00:20:09 | 000,001,060 | ---- | C] () -- C:\Users\NotNick\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2013/05/10 00:20:09 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013/05/09 19:32:19 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Install Microsoft Mouse and Keyboard Center.lnk
[2013/05/09 16:06:17 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/09 09:40:23 | 000,039,559 | ---- | C] () -- C:\Users\NotNick\Untitled.png
[2013/05/09 09:21:15 | 005,439,488 | ---- | C] () -- C:\Users\NotNick\Desktop\bbb.dat
[2013/04/01 03:00:18 | 000,802,816 | ---- | C] () -- C:\Users\NotNick\__db.005
[2013/04/01 03:00:18 | 000,270,336 | ---- | C] () -- C:\Users\NotNick\__db.003
[2013/04/01 03:00:18 | 000,212,992 | ---- | C] () -- C:\Users\NotNick\__db.002
[2013/04/01 03:00:18 | 000,163,840 | ---- | C] () -- C:\Users\NotNick\__db.004
[2013/04/01 03:00:18 | 000,049,152 | ---- | C] () -- C:\Users\NotNick\__db.006
[2013/04/01 03:00:18 | 000,024,576 | ---- | C] () -- C:\Users\NotNick\__db.001
[2013/04/01 02:58:50 | 000,802,816 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.005
[2013/04/01 02:58:50 | 000,270,336 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.003
[2013/04/01 02:58:50 | 000,212,992 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.002
[2013/04/01 02:58:50 | 000,163,840 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.004
[2013/04/01 02:58:50 | 000,049,152 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.006
[2013/04/01 02:58:50 | 000,024,576 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\__db.001
[2013/03/16 17:37:27 | 010,485,760 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\log.0000000001
[2013/03/16 17:34:43 | 010,485,760 | ---- | C] () -- C:\Users\NotNick\log.0000000001
[2013/01/18 04:25:41 | 000,326,747 | ---- | C] () -- C:\Users\NotNick\SatoshiRoller - Copy.wallet
[2013/01/17 19:57:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/01/05 11:42:44 | 008,151,040 | ---- | C] () -- C:\Users\NotNick\wallet.dat
[2013/01/04 16:28:48 | 000,876,544 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\wallet1.dat
[2013/01/03 03:23:22 | 000,005,632 | ---- | C] () -- C:\Users\NotNick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/02 22:30:27 | 000,009,758 | ---- | C] () -- C:\Users\NotNick\secring.gpg
[2013/01/02 22:30:27 | 000,007,856 | ---- | C] () -- C:\Users\NotNick\gpg.conf
[2013/01/02 22:30:27 | 000,004,442 | ---- | C] () -- C:\Users\NotNick\pubring.gpg~
[2013/01/02 22:30:27 | 000,004,442 | ---- | C] () -- C:\Users\NotNick\pubring.gpg
[2013/01/02 22:30:27 | 000,001,360 | ---- | C] () -- C:\Users\NotNick\trustdb.gpg
[2013/01/02 22:30:27 | 000,000,600 | ---- | C] () -- C:\Users\NotNick\random_seed
[2013/01/02 22:29:50 | 000,006,710 | ---- | C] () -- C:\Users\NotNick\nick-privkey.asc
[2013/01/02 22:29:50 | 000,003,109 | ---- | C] () -- C:\Users\NotNick\nick-pubkey.asc
[2012/12/31 14:07:50 | 000,000,111 | ---- | C] () -- C:\Users\NotNick\AppData\Roaming\profiles.ini
[2012/12/18 08:05:40 | 000,001,049 | ---- | C] () -- C:\Users\NotNick\Documents - Shortcut.lnk
[2012/12/18 07:45:41 | 000,007,596 | ---- | C] () -- C:\Users\NotNick\AppData\Local\resmon.resmoncfg
[2012/12/17 20:26:17 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/12/17 20:26:17 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/12/17 20:26:17 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/12/17 20:26:17 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/12/17 20:26:17 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/11/27 22:23:46 | 000,000,600 | ---- | C] () -- C:\Users\NotNick\AppData\Local\PUTTY.RND
[2012/11/11 15:29:25 | 000,000,095 | ---- | C] () -- C:\Users\NotNick\AppData\Local\fusioncache.dat
[2012/11/07 10:41:59 | 000,785,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/05 19:21:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/28 12:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/07/03 22:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/03 22:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/27 08:08:39 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\.kde
[2012/12/28 01:49:10 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\.minecraft
[2013/06/06 08:40:31 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\.purple
[2013/01/10 01:23:28 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Arduino
[2013/05/25 00:35:26 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\banshee-1
[2013/05/27 08:31:52 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Bitcoin
[2012/12/31 14:07:50 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Crash Reports
[2013/05/26 04:26:56 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\FileZilla
[2013/06/04 04:27:01 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\gnupg
[2013/06/06 08:39:59 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\HexChat
[2013/06/04 23:51:24 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Litecoin
[2012/11/05 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\LolClient
[2013/05/25 15:58:15 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\ManyCam
[2013/02/01 23:17:36 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\NetBeans
[2012/11/20 21:37:01 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Notepad++
[2012/11/21 22:47:15 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\poclbm
[2012/11/19 11:42:43 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\PowerISO
[2013/05/09 13:45:32 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\PPCoin
[2012/12/31 14:07:50 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Profiles
[2013/05/10 17:26:13 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Subversion
[2013/01/03 03:57:10 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\TechSmith
[2013/06/05 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Thunderbird
[2013/06/04 19:45:47 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\TightVNC
[2013/05/24 08:05:50 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\Titanium
[2013/05/09 15:07:26 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\TrueCrypt
[2013/06/06 10:59:38 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\uTorrent
[2012/12/01 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\NotNick\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========
 
 

< End of report >
 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by NotNick at 11:20:11 on 2013-06-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.3012 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
C:\Windows\explorer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [uTorrent] "C:\Users\NotNick\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{51B9460B-E16A-49E5-A94E-2164CB3AC71D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5C7B7D8D-E19E-4E93-98E1-2602D4DD4877} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7008BB09-C8F3-4271-B5A6-824D822D53C6} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{8F3B287D-A94B-430B-81C6-EDFAC44A4854} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B73E5525-1257-46C6-8EA1-E98F511D1F02} : DHCPNameServer = 8.8.8.8 8.8.4.4
SSODL:  - clsid is not listed - N/A
x64-Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NotNick\AppData\Roaming\Mozilla\Firefox\Profiles\5pzsmk0i.default-1356987280212\
FF - prefs.js: network.proxy.ftp - 94.102.50.58
FF - prefs.js: network.proxy.ftp_port - 8888
FF - prefs.js: network.proxy.http - 94.102.50.58
FF - prefs.js: network.proxy.http_port - 8888
FF - prefs.js: network.proxy.socks - 94.102.50.58
FF - prefs.js: network.proxy.socks_port - 8888
FF - prefs.js: network.proxy.ssl - 94.102.50.58
FF - prefs.js: network.proxy.ssl_port - 8888
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Ext2Fsd;Linux ext2 file system driver;C:\Windows\System32\drivers\ext2fsd.sys [2012-12-28 769816]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-5-25 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2010-1-7 676864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-16 218112]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2013-5-24 2122224]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-11-5 46136]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-12-17 16776]
S3 ERmvrDrv;ESET standalone malware removal tool kernel-mode driver;C:\Windows\System32\drivers\ERKRmvrDrv.sys [2013-5-11 41328]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-12-17 9096]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;C:\Windows\System32\drivers\RTL2832U_IRHID.sys [2009-10-5 44320]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;C:\Windows\System32\drivers\RTL2832UBDA.sys [2010-7-1 224488]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;C:\Windows\System32\drivers\RTL2832UUSB.sys [2010-7-1 39016]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-4-12 106256]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-6 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2013-06-06 17:55:21    --------    d-----w-    C:\_OTL
2013-06-05 21:41:41    --------    d-----w-    C:\Users\NotNick\AppData\Local\Thunderbird
2013-06-05 11:56:43    --------    d-----w-    C:\Program Files\TrueCrypt
2013-06-05 02:45:47    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\TightVNC
2013-06-05 02:44:54    --------    d-----w-    C:\Program Files\TightVNC
2013-06-05 02:44:53    --------    d-----w-    C:\ProgramData\TightVNC
2013-06-04 08:31:11    --------    d-----w-    C:\Python31
2013-06-03 23:03:48    --------    d-----w-    C:\ProgramData\Canon IJ Network Tool
2013-06-03 23:03:47    --------    d-----w-    C:\Program Files (x86)\Canon
2013-06-03 23:03:46    315392    ----a-w-    C:\Windows\SysWow64\CNC420L.dll
2013-06-03 23:03:46    15872    ----a-w-    C:\Windows\SysWow64\CNHMCA.dll
2013-06-03 23:03:46    106496    ----a-w-    C:\Windows\SysWow64\CNC420U.dll
2013-06-03 23:03:36    --------    d--h--w-    C:\ProgramData\CanonIJFAX
2013-06-03 23:03:08    39424    ----a-w-    C:\Windows\System32\CNMN6UI.DLL
2013-06-03 23:03:08    366592    ----a-w-    C:\Windows\SysWow64\CNMNPPM.DLL
2013-06-03 23:03:08    359936    ----a-w-    C:\Windows\System32\CNMN6PPM.DLL
2013-06-03 23:03:08    --------    d-----w-    C:\Windows\System32\STRING
2013-06-03 23:02:33    302080    ----a-w-    C:\Windows\System32\SET7658.tmp
2013-06-03 23:02:33    302080    ----a-w-    C:\Windows\System32\SET300A.tmp
2013-06-03 23:02:31    248320    ----a-w-    C:\Windows\System32\CNMIUAM.DLL
2013-06-03 21:50:12    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-03 21:40:40    --------    d-----w-    C:\Program Files (x86)\Belkin
2013-06-03 21:39:57    --------    d-----w-    C:\Windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2013-05-30 06:33:47    --------    d-s---w-    C:\ComboFix
2013-05-30 05:00:40    98816    ----a-w-    C:\Windows\sed.exe
2013-05-30 05:00:40    256000    ----a-w-    C:\Windows\PEV.exe
2013-05-30 05:00:40    208896    ----a-w-    C:\Windows\MBR.exe
2013-05-29 20:18:33    --------    d-----w-    C:\Program Files\HexChat
2013-05-29 19:57:12    --------    d-----w-    C:\MSI370fd.tmp
2013-05-29 19:57:12    --------    d-----w-    C:\MSI370fb.tmp
2013-05-29 18:54:26    --------    d-----w-    C:\Program Files\Oracle
2013-05-29 18:03:37    --------    d-----w-    C:\Program Files\DVD Maker
2013-05-29 17:46:27    --------    d-----w-    C:\MSI76088.tmp
2013-05-29 17:46:27    --------    d-----w-    C:\MSI76086.tmp
2013-05-29 07:37:15    --------    d-----w-    C:\MSI28f9f.tmp
2013-05-29 07:37:15    --------    d-----w-    C:\MSI28f9d.tmp
2013-05-29 07:34:11    --------    d-----w-    C:\MSIfc37b.tmp
2013-05-29 07:34:11    --------    d-----w-    C:\MSIfc379.tmp
2013-05-28 19:56:23    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-28 19:56:22    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-28 19:55:36    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-05-28 19:55:36    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-05-28 19:55:36    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-05-28 19:55:36    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-05-28 18:24:22    --------    d-----w-    C:\Users\NotNick\AppData\Local\ElevatedDiagnostics
2013-05-28 18:06:38    --------    d-----w-    C:\Windows\ERUNT
2013-05-28 08:02:42    --------    d-----w-    C:\Program Files (x86)\OWASP
2013-05-27 15:08:04    --------    d-----w-    C:\Users\NotNick\AppData\Local\GNU
2013-05-27 15:07:42    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\.kde
2013-05-27 15:01:54    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\gnupg
2013-05-27 15:01:50    --------    d-----w-    C:\ProgramData\GNU
2013-05-27 15:01:32    --------    d-----w-    C:\Program Files (x86)\GNU
2013-05-27 05:26:28    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\uTorrent
2013-05-26 12:58:24    750592    ----a-w-    C:\Windows\System32\win32spl.dll
2013-05-26 12:58:24    492032    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-05-26 12:58:23    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-26 12:58:23    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-26 12:58:23    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-26 12:58:12    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-05-26 12:58:12    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-05-26 12:58:11    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-05-26 12:58:11    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2013-05-26 12:58:11    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-05-26 12:58:11    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2013-05-26 11:00:04    388096    ----a-r-    C:\Users\NotNick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-26 11:00:03    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-05-26 05:15:54    --------    d-----w-    C:\Users\NotNick\wireshark
2013-05-25 22:57:33    --------    d-----w-    C:\Users\NotNick\AppData\Local\ManyCam
2013-05-25 22:57:33    --------    d-----w-    C:\ProgramData\ManyCam
2013-05-25 22:57:31    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\ManyCam
2013-05-25 22:57:24    44928    ----a-w-    C:\Windows\System32\drivers\mcvidrv_x64.sys
2013-05-25 22:56:03    --------    d-----w-    C:\Program Files (x86)\ManyCam
2013-05-25 04:08:54    --------    d-----w-    C:\Program Files (x86)\pidgin-otr
2013-05-25 03:45:25    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\.purple
2013-05-25 03:44:54    --------    d-----w-    C:\Program Files (x86)\Pidgin
2013-05-25 03:08:49    --------    d-----w-    C:\Program Files (x86)\Sapphire TRIXX
2013-05-24 15:05:51    --------    d-----w-    C:\Users\NotNick\AppData\Local\Apple Computer
2013-05-24 15:05:50    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\Titanium
2013-05-24 15:05:17    --------    d-----w-    C:\Program Files\pia_manager
2013-05-11 08:43:38    --------    d-----w-    C:\Users\NotNick\kaminanda
2013-05-11 07:23:31    41328    ----a-w-    C:\Windows\System32\drivers\ERKRmvrDrv.sys
2013-05-11 02:34:43    798720    ----a-w-    C:\Windows\yasm.exe
2013-05-11 00:27:12    --------    d-----w-    C:\Users\NotNick\AppData\Local\nasm
2013-05-11 00:26:13    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\Subversion
2013-05-10 07:20:07    237840    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2013-05-10 07:19:55    120080    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-05-10 07:06:59    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\HexChat
2013-05-10 02:54:51    --------    d-----w-    C:\Users\NotNick\Untitledr
2013-05-09 23:24:27    --------    d-----w-    C:\Users\NotNick\AppData\Local\gtk-2.0
2013-05-09 23:20:23    --------    d-----w-    C:\Users\NotNick\AppData\Roaming\banshee-1
.
==================== Find3M  ====================
.
2013-06-05 11:57:02    231376    ----a-w-    C:\Windows\System32\drivers\truecrypt.sys
2013-05-24 18:26:28    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-24 18:26:28    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-12 18:41:28    131856    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-04-12 18:40:18    146704    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-04-12 18:40:18    106256    ----a-w-    C:\Windows\System32\drivers\VBoxUSB.sys
2013-04-12 18:40:16    204048    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-05 01:08:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 00:59:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-02-26 05:52:36    4126720    ----a-w-    C:\Program Files (x86)\GUT958B.tmp
.
============= FINISH: 11:20:31.26 ===============
Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2012 5:51:58 PM
System Uptime: 6/3/2013 2:48:03 PM (69 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A785-M
Processor: AMD Phenom™ II X4 B50 Processor | AM2 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 245 GiB total, 5.813 GiB free.
F: is FIXED (EXT3) - 48 GiB total, 32.926 GiB free.
K: is FIXED (NTFS) - 245 GiB total, 5.813 GiB free.
V: is FIXED (EXT3) - 163 GiB total, 5.501 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&377C5A3A&0&02
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #2
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&377C5A3A&0&02
Service: vwifimp
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AODDriver4.2
Device ID: ROOT\LEGACY_AODDRIVER4.2\0000
Manufacturer:
Name: AODDriver4.2
PNP Device ID: ROOT\LEGACY_AODDRIVER4.2\0000
Service: AODDriver4.2
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03\4&B2F080F&0&0050
Manufacturer: Realtek
Name: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03\4&B2F080F&0&0050
Service: RTL8167
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Bridged Networking Driver Miniport
Device ID: ROOT\SUN_VBOXNETFLTMP\0008
Manufacturer: Oracle Corporation
Name: Microsoft Virtual WiFi Miniport Adapter #2 - VirtualBox Bridged Networking Driver Miniport
PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0008
Service: VBoxNetFlt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
==== System Restore Points ===================
.
RP81: 6/6/2013 8:46:57 AM - OTL Restore Point - 6/6/2013 8:46:56 AM
RP82: 6/6/2013 9:11:50 AM - OTL Restore Point - 6/6/2013 9:11:49 AM
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Age of Empires® III: Complete Collection
AMD Accelerated Video Transcoding
AMD APP CPU SDK Runtime
AMD APP KernelAnalyzer
AMD APP Profiler
AMD APP SDK Developer
AMD APP SDK Runtime
AMD APP SDK Samples
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Belkin F7D1101 Basic Wireless USB Adapter
Bitcoin
Borderlands
Camtasia Studio 8
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MX420 series MP Drivers
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Counter-Strike: Global Offensive
Crysis®
Ext2Fsd 0.51
FileZilla Client 3.6.0.1
Gpg4win (2.1.1-beta197)
GTK2-Runtime
HexChat (x64)
HiJackThis
Kits Configuration Installer
League of Legends
Litecoin
ManyCam 3.1.53
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MinGW-Get version 0.5-beta-20120426-1
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.6 (x86 en-US)
MSI Afterburner 2.3.1
Notepad++
OpenVPN 2.2.2
Oracle VM VirtualBox 4.2.12
OWASP ZAP 2.1.0
Pidgin
pidgin-otr 4.0.0-1
PPCoin
Private Internet Access Support Files
Python 2.7 Twisted-12.3.0
Python 3.1 (64-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sid Meier's Civilization V
Skype™ 6.3
SpeedFan (remove only)
Steam
Subversion
Team Fortress 2
The Elder Scrolls V: Skyrim
TightVNC
TrueCrypt
VLC media player 2.0.6
Windows Driver Kit
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/6/2013 8:42:13 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
6/6/2013 8:42:13 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/5/2013 5:41:25 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/5/2013 1:33:17 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The service has not been started.
6/4/2013 11:53:16 PM, Error: Service Control Manager [7031]  - The TightVNC Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/4/2013 11:52:26 PM, Error: Service Control Manager [7034]  - The DirMngr service terminated unexpectedly.  It has done this 1 time(s).
6/3/2013 2:50:31 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/3/2013 2:49:07 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
6/3/2013 2:49:05 PM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  %%-2147024894
6/3/2013 2:48:56 PM, Error: Service Control Manager [7000]  - The AODDriver4.2 service failed to start due to the following error:  The system cannot find the path specified.
.
==== End Of File ===========================
 



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:26 PM

Posted 07 June 2013 - 07:26 AM

Your logs are clean.

Any remaining issues?

#13 nasdaq

Posted 13 June 2013 - 08:33 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#14 nasdaq

Posted 19 June 2013 - 07:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



